1 files changed, 25 insertions, 1 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 8c714444b..2fc2d057e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.53 2006/02/24 23:51:17 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.54 2006/02/25 12:28:34 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -101,6 +101,12 @@ If specified, login is allowed only for users whose primary
 group or supplementary group list matches one of the patterns.
 Only group names are valid; a numerical group ID is not recognized.
 By default, login is allowed for all groups.
+The allow/deny directives are processed in the following order:
+.Cm DenyUsers ,
+.Cm AllowUsers ,
+.Cm DenyGroups ,
+and finally
+.Cm AllowGroups .
 .Pp
 See
 .Sx PATTERNS
@@ -124,6 +130,12 @@ By default, login is allowed for all users.
 If the pattern takes the form USER@HOST then USER and HOST
 are separately checked, restricting logins to particular
 users from particular hosts.
+The allow/deny directives are processed in the following order:
+.Cm DenyUsers ,
+.Cm AllowUsers ,
+.Cm DenyGroups ,
+and finally
+.Cm AllowGroups .
 .Pp
 See
 .Sx PATTERNS
@@ -234,6 +246,12 @@ Login is disallowed for users whose primary group or supplementary
 group list matches one of the patterns.
 Only group names are valid; a numerical group ID is not recognized.
 By default, login is allowed for all groups.
+The allow/deny directives are processed in the following order:
+.Cm DenyUsers ,
+.Cm AllowUsers ,
+.Cm DenyGroups ,
+and finally
+.Cm AllowGroups .
 .Pp
 See
 .Sx PATTERNS
@@ -249,6 +267,12 @@ By default, login is allowed for all users.
 If the pattern takes the form USER@HOST then USER and HOST
 are separately checked, restricting logins to particular
 users from particular hosts.
+The allow/deny directives are processed in the following order:
+.Cm DenyUsers ,
+.Cm AllowUsers ,
+.Cm DenyGroups ,
+and finally
+.Cm AllowGroups .
 .Pp
 See
 .Sx PATTERNS

diff --git a/sshd_config.5 b/sshd_config.5 index 8c714444b..2fc2d057e 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.53 2006/02/24 23:51:17 jmc Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.54 2006/02/25 12:28:34 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
@@ -101,6 +101,12 @@ If specified, login is allowed only for users whose primary
101	group or supplementary group list matches one of the patterns.	101	group or supplementary group list matches one of the patterns.
102	Only group names are valid; a numerical group ID is not recognized.	102	Only group names are valid; a numerical group ID is not recognized.
103	By default, login is allowed for all groups.	103	By default, login is allowed for all groups.
		104	The allow/deny directives are processed in the following order:
		105	.Cm DenyUsers ,
		106	.Cm AllowUsers ,
		107	.Cm DenyGroups ,
		108	and finally
		109	.Cm AllowGroups .
104	.Pp	110	.Pp
105	See	111	See
106	.Sx PATTERNS	112	.Sx PATTERNS
@@ -124,6 +130,12 @@ By default, login is allowed for all users.
124	If the pattern takes the form USER@HOST then USER and HOST	130	If the pattern takes the form USER@HOST then USER and HOST
125	are separately checked, restricting logins to particular	131	are separately checked, restricting logins to particular
126	users from particular hosts.	132	users from particular hosts.
		133	The allow/deny directives are processed in the following order:
		134	.Cm DenyUsers ,
		135	.Cm AllowUsers ,
		136	.Cm DenyGroups ,
		137	and finally
		138	.Cm AllowGroups .
127	.Pp	139	.Pp
128	See	140	See
129	.Sx PATTERNS	141	.Sx PATTERNS
@@ -234,6 +246,12 @@ Login is disallowed for users whose primary group or supplementary
234	group list matches one of the patterns.	246	group list matches one of the patterns.
235	Only group names are valid; a numerical group ID is not recognized.	247	Only group names are valid; a numerical group ID is not recognized.
236	By default, login is allowed for all groups.	248	By default, login is allowed for all groups.
		249	The allow/deny directives are processed in the following order:
		250	.Cm DenyUsers ,
		251	.Cm AllowUsers ,
		252	.Cm DenyGroups ,
		253	and finally
		254	.Cm AllowGroups .
237	.Pp	255	.Pp
238	See	256	See
239	.Sx PATTERNS	257	.Sx PATTERNS
@@ -249,6 +267,12 @@ By default, login is allowed for all users.
249	If the pattern takes the form USER@HOST then USER and HOST	267	If the pattern takes the form USER@HOST then USER and HOST
250	are separately checked, restricting logins to particular	268	are separately checked, restricting logins to particular
251	users from particular hosts.	269	users from particular hosts.
		270	The allow/deny directives are processed in the following order:
		271	.Cm DenyUsers ,
		272	.Cm AllowUsers ,
		273	.Cm DenyGroups ,
		274	and finally
		275	.Cm AllowGroups .
252	.Pp	276	.Pp
253	See	277	See
254	.Sx PATTERNS	278	.Sx PATTERNS