From: Christoph Anton Mitterer <mail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> • Document what the evaluation order of AllowUsers, DenyUsers, AllowGroups and DenyGroups actually means. Fixes bug #2292. Signed-off-by: Christoph Anton Mitterer <mail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> --- sshd_config.5 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sshd_config.5 b/sshd_config.5 index fd44abe..a10b113 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -116,6 +116,8 @@ The allow/deny directives are processed in the following order: .Cm DenyGroups , and finally .Cm AllowGroups . +The first one that matches determines whether the login is allowed or +denied, with the later processed directives being ignored. .Pp See PATTERNS in .Xr ssh_config 5 @@ -176,6 +178,8 @@ The allow/deny directives are processed in the following order: .Cm DenyGroups , and finally .Cm AllowGroups . +The first one that matches determines whether the login is allowed or +denied, with the later processed directives being ignored. .Pp See PATTERNS in .Xr ssh_config 5 @@ -460,6 +464,8 @@ The allow/deny directives are processed in the following order: .Cm DenyGroups , and finally .Cm AllowGroups . +The first one that matches determines whether the login is allowed or +denied, with the later processed directives being ignored. .Pp See PATTERNS in .Xr ssh_config 5 @@ -479,6 +485,8 @@ The allow/deny directives are processed in the following order: .Cm DenyGroups , and finally .Cm AllowGroups . +The first one that matches determines whether the login is allowed or +denied, with the later processed directives being ignored. .Pp See PATTERNS in .Xr ssh_config 5 -- 2.1.4 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev