CIDR notation in AllowUsers is not recognized in sshd_config
"OpenSSH for Windows" version
((Get-Item (Get-Command sshd).Source).VersionInfo.FileVersion)
7.7.2.3
Server OperatingSystem
((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion\" -Name ProductName).ProductName)
Windows 10 Pro
Client OperatingSystem
Debian 10
cat /etc/debian_release
10.9
ssh -V
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019
What is failing
If I set the hostname as CIDR in AllowUsers in sshd_config, I get a Permission denied message when I try to connect via ssh.
IP
- client: 192.168.10.99
- server: 192.168.10.55
Server's C:\ProgramData\sshd\ssh_config
AllowUsers [email protected]/24
AllowUsers [email protected]/24
Expected output
@client $ ssh -v -i ~/.ssh/id_ed25519 Kihara@server
...
debug1: Authentication succeeded (publickey).
...
@server $
Actual output
- client's ssh output
@client $ ssh -i ~/.ssh/id_ed25519 Kihara@server
[email protected]: Permission denied (publickey).
- server's log EventViewer > アプリケーションとサービスログ (Applications and Services Logs) > OpenSSH > Operational
sshd: User kihara from 192.168.10.99 not allowed because not listed in AllowUsers
sshd: Connection closed by invalid user Kihara 192.168.10.99 port 57178 [preauth]
Workaround
After changing CIDR notation to wildcard, it works.
- AllowUsers [email protected]/24
- AllowUsers [email protected]/24
+ AllowUsers [email protected].*
+ AllowUsers [email protected].*
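Review bot: the `.*` pattern on the `+` lines stands in for `/24` only because that prefix ends on an octet boundary; a prefix such as /26 has no single wildcard equivalent. Add a comment next to these entries saying they are a stand-in for the CIDR form, so they can be reverted once CIDR matching works.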
Had the same problem. When I try to run an sshd -T, it shows the "AllowUsers" config with a "\" in place of the "/" in the CIDR address, so maybe it has something to do with some kind of path translation?
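The backslash reported in the `sshd -T` output above, as an added example that is not part of the original thread or the project's code: a simplified Python model of USER@HOST matching (CIDR first, then wildcards on the address string) run over constructed `sshd -T` lines. The subnet values, the case-insensitive user comparison and the function names are assumptions; it shows why an entry whose `/` has become `\` can never match the client address, and how to flag such entries.

```python
import fnmatch
import ipaddress

# Constructed sample of `sshd -T` output; the subnets are illustrative only.
SAMPLE_SSHD_T = """\
port 22
allowusers kihara@192.168.10.0\\24
allowusers kihara@192.168.20.0/24
allowusers kihara@192.168.30.*
"""

def host_matches(pattern, client_ip):
    """Simplified model: an entry containing '/' is treated as CIDR,
    anything else is compared to the address string as a wildcard pattern."""
    if "/" in pattern:
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(client_ip) in net
        except ValueError:
            return False
    # fnmatch also understands [...] classes; only * and ? matter here.
    return fnmatch.fnmatchcase(client_ip, pattern)

def audit_allowusers(sshd_t_text, user, client_ip):
    """Return (entry, verdict) for every AllowUsers entry in the dump.
    'mangled' marks a host part containing a backslash, which is never
    parsed as CIDR and cannot equal a dotted-quad address."""
    results = []
    for line in sshd_t_text.splitlines():
        keyword, _, rest = line.partition(" ")
        if keyword.lower() != "allowusers":
            continue
        for entry in rest.split():
            user_pat, sep, host_pat = entry.partition("@")
            # Assumption: user names compare case-insensitively on Windows.
            user_ok = fnmatch.fnmatchcase(user.lower(), user_pat.lower())
            if "\\" in host_pat:
                verdict = "mangled"
            elif user_ok and (not sep or host_matches(host_pat, client_ip)):
                verdict = "allow"
            else:
                verdict = "no-match"
            results.append((entry, verdict))
    return results

if __name__ == "__main__":
    for entry, verdict in audit_allowusers(SAMPLE_SSHD_T, "Kihara", "192.168.10.99"):
        print(f"{verdict:9} {entry}")
```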