sshd_config AllowUsers/DenyUsers


Does anyone know if there is a character length limitation in
sshd_config for AllowUsers/DenyUsers ?  For example, if I have 3000
users that I'd like to insert to AllowUsers, and exceeding 4096
character length, will I run into any issues?

Re: sshd_config AllowUsers/DenyUsers

J4000 wrote:
[quoted text not shown]

I don't know.

However, I would hesitate to try to add 3000 users to the AllowUsers clause,
just because there are better ways to solve that problem. You /could/ just
define a group to your system (say the "SshUsers" group), and add all 3000
users to it as a supplemental group. Then, name the one group in the
AllowGroups clause. This gives a much shorter sshd_config clause, and permits
you to add and subtract legal ssh users through the standard Unix group
management tools.

--
Lew Pitcher

Master Codewright & JOAT-in-training | Registered Linux User #112576 | GPG public key available by request
---------- Slackware - Because I know what I'm doing. ------



Re: sshd_config AllowUsers/DenyUsers

On Feb 14, 6:40 pm, Lew Pitcher wrote:

[quoted text not shown]

I agree, and there's also the option (with recent versions of OpenSSH)
to use the negative form, DenyUsers, which would still be longer than
AllowGroups, but shorter than listing 3k user names.

Also there is the use of patterns, if the 3k names have something in
common (unlikely), or the hosts from where they are allowed to login
are in a subnet (likely); see man sshd_config and ssh_config.

René Berber
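
The group-based approach from the first reply, together with the pattern entries mentioned in the second, as an added example that is not part of the original thread: a script that reads an existing sshd_config and prints a migration plan from AllowUsers to AllowGroups. The group name `sshusers`, the function names and the sample config are assumptions made for illustration, `groupadd`/`usermod` are assumed to be the system's group tools, and AllowUsers lines inside Match blocks are not treated separately.

```shell
#!/bin/sh
# Added example: plan a move from AllowUsers to AllowGroups.
# It only prints the plan; it runs no commands and edits no files.

GROUP="sshusers"   # assumed group name (the reply above calls it "SshUsers")

# plan_migration: read an sshd_config on stdin and print
#   - groupadd plus one usermod per plain user name found in AllowUsers
#   - "# REVIEW" lines for entries a group cannot express
#     (user@host restrictions, wildcards, negations)
#   - the AllowGroups line that replaces the AllowUsers lines
plan_migration() {
    awk -v grp="$GROUP" '
        tolower($1) == "allowusers" {      # keywords are case-insensitive
            for (i = 2; i <= NF; i++) {
                if ($i ~ /[@*?!]/) review[++r] = $i
                else if (!seen[$i]++) users[++u] = $i   # drop duplicates
            }
        }
        END {
            print "groupadd " grp
            for (i = 1; i <= u; i++) print "usermod -a -G " grp " " users[i]
            for (i = 1; i <= r; i++) print "# REVIEW (pattern, not a plain name): " review[i]
            print "AllowGroups " grp
        }'
}

# Constructed sample input, not taken from the thread.
sample_config() {
cat <<'EOF'
Port 22
#AllowUsers olduser
AllowUsers alice bob
allowusers carol bob dave@192.0.2.*
EOF
}

sample_config | plan_migration
```

Remove the old AllowUsers lines when adding AllowGroups, since a login has to satisfy every Allow directive that is present, and check the edited file with `sshd -t` before reloading the daemon.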
