IBM Support

SSHD: How to override DenyGroups for specific users

How To


Summary

How to allow ssh login for members of a denied group.

Objective

UserA and UserB are members of GroupA. GroupA is denied SSH login in /etc/ssh/ssdd_config

DenyGroups GroupA

The following steps demonstrate how to override the setting, for specific users.

Steps

Add a "Match" statement to override the rule for comma-separated users.
# vi /etc/ssh/sshd_config
DenyGroups GroupA
   Match User UserA,UserB
        DenyGroups none
Stop, and restart sshd.
# stopsrc -s sshd
# startsrc -s sshd

Additional Information

SUPPORT

If you require more assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.  

1. Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.

2. Capture any logs or data relevant to the situation.

3. Contact IBM to open a case:

   -For electronic support, see the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, see the web page:
      https://www.ibm.com/planetwide/

4. Provide a clear, concise description of the issue.

 - For more information, see: Working with IBM AIX Support: Describing the problem.

5. If the system is accessible, collect a system snap, and upload all of the details and data for your case.

 - For more information, see: Working with IBM AIX Support: Collecting snap data

[{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvzvAAA","label":"Security->OPENSSH\/OPENSSL"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
30 June 2021

UID

ibm16468479

Page Feedback