This is the mail archive of the cygwin mailing list for the Cygwin project.


sshd_conf and AllowGroups - how to make work with non-primary groups?

I, too, am trying to lock down ssh access.  Using OpenSSH's AllowGroups 
configuration option looks like it would fit my needs perfectly, but it 
doesn't work!  More specifically, it ends up denying all users, unless the 
user's PRIMARY group (as defined in /etc/passwd) is within AllowGroups.

I already found and read the following related posts, none of which actually 
resolve the issue: ("sshd_conf and local groups" 
started 12/31/2005)

Using AllowUsers works as expected - but this is an administrative 
nightmare.  Ideally, I'd like to create a group called "SshUsers" and set 
"AllowGroups SshUsers".  This works, but only if I set the needed user 
accounts in /etc/passwd to use this as their primary group.  Some users need 
their primary group to remain otherwise for other reasons...

I'm guessing this is more of an issue with the Cygwin user commands than it 
is with the OpenSSH implementation.  I DID run both mkpasswd and mkgroup, 
and both my /etc/passwd and /etc/group files are populated.  However, 
running "groups myuser" or "id -Gn myuser" returns only the primary group - 
"Domain Users".  The results are identical whether running bash locally or 
through an ssh connection.

I'm currently running "CYGWIN_NT-5.2 z 1.5.20s(0.154/4/2) 20060227 13:07:35 
i686 Cygwin", but have been able to reproduce this back to 1.5.18, etc...

Any assistance would be greatly appreciated - thanks!

Mark A. Ziesemer 
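The following is an added example, not part of the original message: a file-based check that shows, for each account, whether it belongs to an allowed group as its primary group or only through the member list in the group file. Accounts reported as `supplementary` are the case the post describes as being denied, so their `id -Gn` output is the thing to compare. The function names, the comma-separated allow list (exact names, no sshd pattern matching) and the sample accounts are assumptions constructed for illustration.

```shell
# Usage: classify_allowgroups PASSWD_FILE GROUP_FILE "Group1,Group2"
# Prints "user:primary", "user:supplementary" or "user:none" per account.
classify_allowgroups() {
    awk -F: -v allow="$3" '
        BEGIN {
            n = split(allow, a, ",")
            for (i = 1; i <= n; i++) allowed[a[i]] = 1
        }
        # First file (group): name:passwd:gid:member,member,...
        FNR == NR {
            if ($1 in allowed) {
                allowed_gid[$3] = 1
                m = split($4, mem, ",")
                for (i = 1; i <= m; i++) if (mem[i] != "") supp[mem[i]] = 1
            }
            next
        }
        # Second file (passwd): name:passwd:uid:gid:gecos:home:shell
        {
            if ($4 in allowed_gid) how = "primary"
            else if ($1 in supp) how = "supplementary"
            else how = "none"
            print $1 ":" how
        }
    ' "$2" "$1"
}

# Runs the check on constructed sample files (not data from the post).
demo_classify() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/group" <<'EOF'
Domain Users:x:10513:
SshUsers:x:11005:alice,bob
EOF
    cat > "$tmp/passwd" <<'EOF'
alice:x:11001:10513:Alice:/home/alice:/bin/bash
bob:x:11002:11005:Bob:/home/bob:/bin/bash
carol:x:11003:10513:Carol:/home/carol:/bin/bash
EOF
    classify_allowgroups "$tmp/passwd" "$tmp/group" "SshUsers"
    rm -rf "$tmp"
}

demo_classify
```

On a real host, pass `/etc/passwd`, `/etc/group` and the names from the `AllowGroups` line, then run `id -Gn` for each account listed as `supplementary`.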
