How to configure sshd_config to allow both local users and members of a group ssh access

Ken

3/6/24, 3:08 PM

The short version, I'm trying to both specify individual users as well as all members of a group to be able to ssh into my Ubuntu 20.04 system.

Long version... googling has been hit and miss. The solution I currently have is that the assigned 'owner' of the Linux system is listed as an individual user under the #Who can log in section:

AllowUsers billgates

Then lower in the file (actually at the very bottom/end) I have inserted the following:

Match group support_admins
AllowUsers *

So after doing some testing, I don't know if I'm exploiting something or if this is working as intended. Basically, I'm wondering if in my example if the "Match" function evaluates the next line as an "AND" statement? I have tested and it does not seem that members who are not a part of that group can log in... and if I change the AllowUsers to anything, it appears that the user needs to be a part of the group AND listed as an allowed user.

Can anyone tell me if there's an obvious security flaw with my logic here? Again the desired result is that the only people who can ssh to the systems are the assigned user and members of the group.

Thoughts?

0 + 0

ssh

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to configure sshd_config to allow both local users and members of a group ssh access

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.