BUG: sshd_config

OhReally

When I enable ssh access for a user, an 'AllowUsers' line is appended to sshd_config. This breaks my sshd configuration, because the last part of sshd_config is reserved for 'Match' sections, so the AllowUsers line should be inserted before the first line that starts with 'Match', if any; 'Match' sections continue to the next 'Match' section or the end of the file.

See `man sshd_config` for more info.
 
What OS are you using? I just checked man sshd_config for both Mandriva (our desktop systems), CentOS4 (our older servers), and CentOS5 (our newer servers) and none of them have a Match section that needs to go after AllowUsers.

Jeff
 
If you don't need the Match section you can probably remove it. If you do need it, then I'd say write to DirectAdmin support about the issue.

I'm NOT a FreeBSD person; maybe someone else will be able to help here.

Jeff
 
Well, since this is the Feedback forum at DirectAdmin.com, I'm going to assume support is reading along and will fix this.

Thanks.
 
When you assume you make an a?? out of u and me :D.

The forums are NOT an official support venue, and this isn't a feature request.

I strongly suggest you write to DirectAdmin support if you need them.

Jeff
 
Hello,

This would be your best bet to create a placebo for DA to use.
http://help.directadmin.com/item.php?id=168

If there are *no* AllowUsers entries, then all will be able to use ssh if they have a shell. Note that DA only gives shells to valid ssh users, so you'll still be ok... old non-ssh users will not get ssh access all of a sudden ;) (unless they have a shell, but DA wouldn't have given them one)

John
 
Hi John,

I don't mean to be rude, but... did you actually read what I wrote?

My problem is not that there are too many AllowUsers lines in sshd_config. And my problem is not solved by completely removing the AllowUsers lines. I do want to use AllowUsers; security is a big issue for me.

My problem is that the way DirectAdmin adds AllowUsers lines to sshd_config breaks my config. And the way DirectAdmin adds AllowUsers lines to sshd_config conflicts with the man page. And the man page comes with the app, so the man page is right...

All that needs to be done is get the first and third post in this thread (my first 2 posts) to the development team, and they will have this fixed in 5 minutes.

Thank you,
Rob
 
Yes, the guide would work if it doesn't add the AllowUsers at all, which would allow your Match to happen at the bottom, but it won't work if you do still require the AllowUsers.

The only way to do what you're looking for then would be via the:
/usr/local/directadmin/scripts/custom/user_create_post.sh
/usr/local/directadmin/scripts/custom/user_modify_post.sh
script which would have to be created.
In them you'd do a check for ssh=ON... I guess you don't really have to check, then edit the sshd_config as required.

We have not yet looked at adding the Match function. (i.e., we don't support all of the features in all of the services)

John
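
One way to write the custom hook described in the post above, as an added example that is not part of the original thread and not DirectAdmin's own code: it moves the `AllowUsers` line appended after the `Match` sections to just above the first `Match` line, and installs the result only if `sshd -t` accepts it. The `username` environment variable, the `/etc/ssh/sshd_config` and `/usr/sbin/sshd` paths, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. Save as user_create_post.sh / user_modify_post.sh.
# Assumptions: DirectAdmin exports $ssh and $username to the hook; config and sshd paths below.

# Print the config in $1 with "AllowUsers $2" lines found after the first Match
# moved to just above that Match line. Without a Match line the output is unchanged.
# Limitation: an identical line deliberately placed inside a Match block is moved too.
relocate_allowusers() {
    awk -v user="$2" '
        { line[NR] = $0 }
        # sshd_config keywords are case-insensitive; $1 ignores leading whitespace
        !first && tolower($1) == "match" { first = NR }
        first && NR > first && NF == 2 && tolower($1) == "allowusers" && $2 == user {
            moved[NR] = 1; any = 1
        }
        END {
            for (i = 1; i <= NR; i++) {
                if (i == first && any) print "AllowUsers " user
                if (!(i in moved)) print line[i]
            }
        }
    ' "$1"
}

# Rewrite $1 in place, but only if sshd accepts the corrected file.
apply_fix() {
    conf=$1
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    if relocate_allowusers "$conf" "$2" > "$tmp" && /usr/sbin/sshd -t -f "$tmp"; then
        cat "$tmp" > "$conf"      # overwrite contents, keep original owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Hook entry point: act only when SSH access was switched on for this user.
if [ "${ssh:-}" = "ON" ] && [ -n "${username:-}" ]; then
    apply_fix /etc/ssh/sshd_config "$username"
fi
```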
 