diff options
-rw-r--r-- | sshd_config.5 | 26 |
1 files changed, 7 insertions, 19 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 63a7dfdde..d47cb0d24 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,7 +33,7 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.300 2020/01/25 07:09:14 tedu Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.301 2020/01/25 22:36:22 djm Exp $ |
37 | .Dd $Mdocdate: January 25 2020 $ | 37 | .Dd $Mdocdate: January 25 2020 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
@@ -113,11 +113,8 @@ If specified, login is allowed only for users whose primary | |||
113 | group or supplementary group list matches one of the patterns. | 113 | group or supplementary group list matches one of the patterns. |
114 | Only group names are valid; a numerical group ID is not recognized. | 114 | Only group names are valid; a numerical group ID is not recognized. |
115 | By default, login is allowed for all groups. | 115 | By default, login is allowed for all groups. |
116 | The allow/deny directives are processed in the following order: | 116 | The allow/deny groups directives are processed in the following order: |
117 | .Cm DenyUsers , | ||
118 | .Cm AllowUsers , | ||
119 | .Cm DenyGroups , | 117 | .Cm DenyGroups , |
120 | and finally | ||
121 | .Cm AllowGroups . | 118 | .Cm AllowGroups . |
122 | .Pp | 119 | .Pp |
123 | See PATTERNS in | 120 | See PATTERNS in |
@@ -173,12 +170,9 @@ are separately checked, restricting logins to particular | |||
173 | users from particular hosts. | 170 | users from particular hosts. |
174 | HOST criteria may additionally contain addresses to match in CIDR | 171 | HOST criteria may additionally contain addresses to match in CIDR |
175 | address/masklen format. | 172 | address/masklen format. |
176 | The allow/deny directives are processed in the following order: | 173 | The allow/deny users directives are processed in the following order: |
177 | .Cm DenyUsers , | 174 | .Cm DenyUsers , |
178 | .Cm AllowUsers , | 175 | .Cm AllowUsers . |
179 | .Cm DenyGroups , | ||
180 | and finally | ||
181 | .Cm AllowGroups . | ||
182 | .Pp | 176 | .Pp |
183 | See PATTERNS in | 177 | See PATTERNS in |
184 | .Xr ssh_config 5 | 178 | .Xr ssh_config 5 |
@@ -552,11 +546,8 @@ Login is disallowed for users whose primary group or supplementary | |||
552 | group list matches one of the patterns. | 546 | group list matches one of the patterns. |
553 | Only group names are valid; a numerical group ID is not recognized. | 547 | Only group names are valid; a numerical group ID is not recognized. |
554 | By default, login is allowed for all groups. | 548 | By default, login is allowed for all groups. |
555 | The allow/deny directives are processed in the following order: | 549 | The allow/deny groups directives are processed in the following order: |
556 | .Cm DenyUsers , | ||
557 | .Cm AllowUsers , | ||
558 | .Cm DenyGroups , | 550 | .Cm DenyGroups , |
559 | and finally | ||
560 | .Cm AllowGroups . | 551 | .Cm AllowGroups . |
561 | .Pp | 552 | .Pp |
562 | See PATTERNS in | 553 | See PATTERNS in |
@@ -573,12 +564,9 @@ are separately checked, restricting logins to particular | |||
573 | users from particular hosts. | 564 | users from particular hosts. |
574 | HOST criteria may additionally contain addresses to match in CIDR | 565 | HOST criteria may additionally contain addresses to match in CIDR |
575 | address/masklen format. | 566 | address/masklen format. |
576 | The allow/deny directives are processed in the following order: | 567 | The allow/deny users directives are processed in the following order: |
577 | .Cm DenyUsers , | 568 | .Cm DenyUsers , |
578 | .Cm AllowUsers , | 569 | .Cm AllowUsers . |
579 | .Cm DenyGroups , | ||
580 | and finally | ||
581 | .Cm AllowGroups . | ||
582 | .Pp | 570 | .Pp |
583 | See PATTERNS in | 571 | See PATTERNS in |
584 | .Xr ssh_config 5 | 572 | .Xr ssh_config 5 |