List: openssh-unix-dev
Subject: case sensitivity, "Match User" and "AllowUsers"
From: "Hu, Eric" <eric.hu () harman ! com>
Date: 2010-02-01 19:18:08
Message-ID: 12FF1C857C510C43BA8B1B028B69AD52BEC9E2 () HICGWSEX01 ! ad ! harman ! com
Hello,
I sent this last week before signing up for the list, but haven't seen it in the
archives, so I'm guessing it got discarded either as spam or HTML (sorry about that).
In any case, the following was sent to comp.security.ssh early last week and I have
gotten no response there. Can anyone here shed some light?
Thanks,
Eric
------------------------------------------
Hello,
I'm running an SSH daemon on Cygwin on Windows Server 2003. SSH version is 5.1.
cygrunsrv version is 1.34. I have the following in my sshd_config file.
Match User user
ForceCommand start.sh
What some users have discovered is that they can log in with arbitrarily mixed case
user names. For instance, logging in as "usEr" is exactly the same as logging in
with "USer" as well as the other fourteen possible combinations for a four-letter
username. Further, only the all-lowercase version invokes "start.sh." I thought I
might be able to solve this with the following.
AllowUsers user
I thought this would force sshd to only let one case combination through. However,
all case combinations can still log in and "start.sh" is not getting executed. In
other words, there is a discrepancy between "Match User" and "AllowUsers" in this
regard. Does anyone have any idea how to get around this? I don't want to add
2^(length of user name) "Match User" entries to the sshd_config file for every user,
which is the only remedy at the moment.
Thanks
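
Added example, not part of the original message or of OpenSSH: a log check for the behaviour reported above, flagging accepted logins whose user name matches a "Match User" + "ForceCommand" entry only when case is ignored. The config fragment and log lines are constructed, and it assumes sshd logs the user name exactly as the client typed it.

```python
import re

# Constructed sshd_config fragment, mirroring the two lines quoted in the post.
SSHD_CONFIG = """\
Match User user
    ForceCommand start.sh
"""

# Constructed log lines. Assumption: sshd logs the name as the client typed it.
AUTH_LOG = """\
Feb  1 10:00:01 host sshd[410]: Accepted password for user from 192.0.2.10 port 50122 ssh2
Feb  1 10:02:17 host sshd[422]: Accepted password for usEr from 192.0.2.10 port 50130 ssh2
Feb  1 10:05:40 host sshd[431]: Accepted publickey for USer from 192.0.2.44 port 41822 ssh2
Feb  1 10:06:02 host sshd[440]: Accepted password for admin from 192.0.2.7 port 41900 ssh2
"""

ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")

def forced_users(config_text):
    """Return literal names from 'Match User' blocks that contain ForceCommand."""
    names, current = set(), []
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key = words[0].lower()
        if key == "match":
            # Simple 'Match User a,b' form only; wildcard/negated patterns are skipped.
            current = []
            if len(words) >= 3 and words[1].lower() == "user":
                current = [n for n in words[2].split(",") if not set(n) & set("*?!")]
        elif key == "forcecommand":
            names.update(current)
    return names

def case_variant_logins(log_text, restricted):
    """Flag accepted logins whose name equals a restricted user only case-insensitively."""
    lowered = {n.lower(): n for n in restricted}
    hits = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue
        typed, source = m.groups()
        canonical = lowered.get(typed.lower())
        if canonical is not None and typed != canonical:
            hits.append((typed, canonical, source))
    return hits
```

Each tuple returned by `case_variant_logins(AUTH_LOG, forced_users(SSHD_CONFIG))` is (name as typed, name in sshd_config, source address) for a session that would have skipped "start.sh" under the behaviour described in the message.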