-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix SSH login failure with conflicting group permissions #9
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work! I think this approach can fix the bug.
I read again man ssh_config
, the PATTERNS
section. It seems the !
(not) operator can do the job.
Maybe we could reduce the patch size with a couple of changes...
root/etc/e-smith/templates/etc/ssh/sshd_config/70Restricted2Sftp
Outdated
Show resolved
Hide resolved
root/etc/e-smith/templates/etc/ssh/sshd_config/70Restricted2Sftp
Outdated
Show resolved
Hide resolved
root/etc/e-smith/templates/etc/ssh/sshd_config/70Restricted2Sftp
Outdated
Show resolved
Hide resolved
This patch seems to fix the bug, however wait a moment to merge it. We must be sure it can work with the planned enhancement NethServer/dev#6059 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Summary: I bet we don't need to record the groups with SFTP only access. On the contrary, we are interested in the list of those who can access SSH. Anyone else can do SFTP, provided login permission is granted.
This is the logic of the MatchGroup/MatchAll
directives: we can take advantage of it!
NethServer/dev#6058
NethServer/dev#6059