sshd_config directive processing
doug
doug at fledge.watson.org
Tue Jun 20 04:33:16 UTC 2006
The OpenSSH man page for sshd_config specifies that the allow/deny directives
are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and
finally AllowGroups.
This should be specified in the FreeBSD man pages to prevent attempts such as:
AllowUsers root at specific-host
DenyUsers root*
While I think processing AllowUsers before DenyUsers allows some very useful
things to be done, OpenSSH defines the processing in the listed order.
Specifying the order in the man page lets admins avoid useless attempts.
Doug Denault
More information about the freebsd-doc
mailing list