Date: Tue, 20 Jun 2006 00:33:14 -0400 (EDT) From: doug <doug@fledge.watson.org> To: freebsd-doc@FreeBSD.org Subject: sshd_config directive processing Message-ID: <20060620002333.X70608@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
The OpenSSH man page for sshd_config specifies that the allow/deny directives
are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and
finally AllowGroups.
This should be specified in the FreeBSD man pages to prevent attempts such as:
AllowUsers root@specific-host
DenyUsers root*
While I think processing AllowUsers before DenyUsers allows some very useful
things to be done, OpenSSH defines the processing in the listed order.
Specifying the order in the man page lets admins avoid useless attempts.
Doug Denault
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060620002333.X70608>