System not allowing ssh to proceed

When attempting to use ssh, trying to access my Router's login from the LAN side, I am getting the following inexplicable errors:

Attempting connection ...
/etc/ssh/ssh_config: line 70: Bad configuration option: denyusers
/etc/ssh/ssh_config: line 71: Bad configuration option: denygroups
/etc/ssh/ssh_config: line 77: Bad configuration option: allowusers
/etc/ssh/ssh_config: line 78: Bad configuration option: allowgroups
/etc/ssh/ssh_config: terminating, 6 bad configuration options

My /etc/ssh/ssh_config file contains the following entries:

###     Group 1 - Restrictive
DenyUsers root 
DenyGroups root

###     Group 2 - Permissive
AllowUsers myuser
AllowGroups myuser

According to various references, the above entries are valid, yet ssh is flagging those as "Bad configuration".

Does anybody know why?

Hi, @ericmarceau :slight_smile:

I believe that the problem is those keywords that you are trying to use ("DenyUsers", "DenyGroups", "AllowUsers" and "AllowGroups") belong in the /etc/ssh/sshd_config file (which is the SSH Server configuration file) but you are trying to put them in the /etc/ssh/ssh_config (which is the SSH Client configuration file) instead.

The following "man" pages show which keywords are valid in each one of those files:

man ssh_config

man sshd_config

I hope this helps :slight_smile:

4 Likes

Thank you, Ricardo.

I do not have sshd running. I am trying to control outgoing ssh.

How do I specify

  • limit which users are allowed to use outgoing ssh
  • limit which groups are allowed to use outgoing ssh
  • limit which hosts are allowed to be contacted with outgoing ssh

My purpose in doing so is to control misuse of outgoing ssh by trojans, viruses or other malware. Given that objective, is that only controllable via firewall? or can configuration of ssh limit such misuse?

Hi again, Eric :slight_smile:

OK. So you're worried about outgoing SSH connections made by the SSH client program in your computer. The best I could find about that is the following article (please, check it and see if it helps):

4 Likes