From af5755008e0b640979d321bc2019e9c7be8fe194 Mon Sep 17 00:00:00 2001 From: Olivier Blin Date: Tue, 21 Feb 2017 00:19:36 +0100 Subject: Remove unnecessary AllowGroups sshd restriction on rabbit This is already covered by pam.d/system-auth, which only allows local users and authorized access classes. Otherwise, login fails: sshd[1234]: fatal: Access denied for user XXX by PAM account configuration [preauth] --- modules/openssh/templates/sshd_config | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/openssh/templates/sshd_config b/modules/openssh/templates/sshd_config index ebf595d4..9faa314b 100644 --- a/modules/openssh/templates/sshd_config +++ b/modules/openssh/templates/sshd_config @@ -126,7 +126,3 @@ Subsystem sftp <%= path_to_sftp %>/sftp-server Match User *,!schedbot,!root,!git Group *,!mga-sysadmin ForceCommand /usr/local/bin/sv_membersh.pl -c "$SSH_ORIGINAL_COMMAND" <% end %> - -<% if @hostname == 'rabbit' then %> -AllowGroups root mga-unrestricted_shell_access mga-iso_makers mga-sysadmin iurt -<% end %> -- cgit v1.2.1