OpenSSH - DenyUsers negate

Support for security such as Firewalls and securing linux
wdh
Posts: 2
Joined: 2014/11/22 11:40:32

Post by wdh » 2023/07/26 15:04:30

Hi all,

Am I missing something? According to the man pages this should work:

# cat /etc/ssh/sshd_config.d/01-permitrootlogin.conf
PermitRootLogin yes
DenyUsers root@!192.168.1.1

Allow root login but ONLY when it's not from 192.168.1.2. Well, that's not working... :(

However, changing the configuration will make it work:

PermitRootLogin yes
DenyUsers root@*,!192.168.1.2

Doing some searches I bumped into this: https://access.redhat.com/solutions/4494281

"We were fixing several bugs in pattern and conditions parsing."

The article mentioned is from April 2022 but the issue is still there in CentOS Stream 9. Am I misreading the man pages or is the bug ("feature") still not fixed?

langeman

TrevorH
Site Admin
Posts: 33221
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: OpenSSH - DenyUsers negate

Post by TrevorH » 2023/07/26 17:32:15

I think you are misreading that KB article. It seems to be telling you that the format from 6.6p1 onwards will be the pattern that it tells you to grep for.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
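
Added example, not part of either post and not OpenSSH's own code: a simplified Python model of the pattern-list rule in the PATTERNS section of ssh_config(5), under which a negated term can veto a match but never produces one by itself, applied to the two DenyUsers lines from the first post. The function names and the address 10.0.0.5 are constructed for illustration, and only `*`/`?` wildcards on literal addresses are modelled (no CIDR, no hostname lookups).

```python
import re

def glob_match(pattern, text):
    """OpenSSH-style wildcards only: '*' is any run, '?' is one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, text) is not None

def match_pattern_list(value, pattern_list):
    """1 = positive match, -1 = a negated term matched, 0 = nothing matched."""
    result = 0
    for term in pattern_list.split(","):
        negated = term.startswith("!")
        if glob_match(term[1:] if negated else term, value):
            if negated:
                return -1   # a negated hit vetoes the whole list
            result = 1      # positive hit; keep scanning for a later veto
    return result           # a negated term that did NOT hit adds nothing

def user_denied(user, addr, deny_users):
    """Evaluate a space-separated DenyUsers value for one login attempt."""
    for entry in deny_users.split():
        user_pat, at, host_list = entry.partition("@")
        if not glob_match(user_pat, user):
            continue
        # No '@': the user name alone decides. Otherwise the host list
        # must yield a positive match for the entry to apply.
        if not at or match_pattern_list(addr, host_list) == 1:
            return True
    return False

if __name__ == "__main__":
    # Constructed source addresses; the DenyUsers values are from the thread.
    for rule in ("root@!192.168.1.1", "root@*,!192.168.1.2"):
        for addr in ("192.168.1.1", "192.168.1.2", "10.0.0.5"):
            verdict = "denied" if user_denied("root", addr, rule) else "allowed"
            print(f"DenyUsers {rule:<22} root from {addr:<12} -> {verdict}")
```

In this model the first rule never denies anyone because its only host term is negated, while the second rule has `*` to supply the positive match that the negated term then carves an exception out of.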
