[augeas-devel] Failed to set AllowUsers in sshd_config

Tim Chen tim.chen.86 at gmail.com
Thu Mar 28 08:25:16 UTC 2013


Hi,
I'm trying to set AllowUsers in sshd_config with augtool, but the save fails.

I tried the following:
augtool> set /files/etc/ssh/sshd_config/AllowUsers user
augtool> save
error: Failed to execute command
saving failed (run 'print /augeas//error' for details)
augtool> print /augeas//error

The error log is attached.

But commands like the following can be saved without a problem:
set /files/etc/ssh/sshd_config/Port 1022
set /files/etc/ssh/sshd_config/PermitRootLogin no

Package versions:
augeas-lenses-1.0.0-0ubuntu1
augeas-tools-1.0.0-0ubuntu1
libaugeas0-1.0.0-0ubuntu1

OS: ubuntu 12.04.2

-- 
Tim
-------------- next part --------------
/augeas/files/etc/default/whoopsie/error = "parse_failed"
/augeas/files/etc/default/whoopsie/error/pos = "1"
/augeas/files/etc/default/whoopsie/error/line = "2"
/augeas/files/etc/default/whoopsie/error/char = "0"
/augeas/files/etc/default/whoopsie/error/lens =
"/usr/share/augeas/lenses/dist/shellvars.aug:138.12-.89:"
/augeas/files/etc/default/whoopsie/error/message = "Syntax error"
/augeas/files/etc/ssh/sshd_config/error = "put_failed"
/augeas/files/etc/ssh/sshd_config/error/path = "/files/etc/ssh/sshd_config"
/augeas/files/etc/ssh/sshd_config/error/lens =
"/usr/share/augeas/lenses/dist/sshd.aug:123.12-125.36:"
/augeas/files/etc/ssh/sshd_config/error/message = "Failed to match \n    ({
/#comment/ = /[^\\001-\\004\\t\\n ][^\\001-\\004\\n]*[^\\001-\\004\\t\\n
]|[^\\001-\\004\\t\\n ]/ } | { } | { /AcceptEnv/ } | { /AllowGroups/ } | {
/AllowUsers/ } | { /DenyGroups/ } | { /Subsystem/ } | { /DenyUsers/ } | {
/MACs/ } | {
/AcceptEn((v[0-9A-Za-z]|[0-9A-Za-uw-z])[0-9A-Za-z]*|)|AcceptE([0-9A-Za-mo-z][0-9A-Za-z]*|)|Accept([0-9A-DF-Za-z][0-9A-Za-z]*|)|Accep([0-9A-Za-su-z][0-9A-Za-z]*|)|Acce([0-9A-Za-oq-z][0-9A-Za-z]*|)|Acc([0-9A-Za-df-z][0-9A-Za-z]*|)|Allow(Group((s[0-9A-Za-z]|[0-9A-Za-rt-z])[0-9A-Za-z]*|)|Grou([0-9A-Za-oq-z][0-9A-Za-z]*|)|Gro([0-9A-Za-tv-z][0-9A-Za-z]*|)|Gr([0-9A-Za-np-z][0-9A-Za-z]*|)|User((s[0-9A-Za-z]|[0-9A-Za-rt-z])[0-9A-Za-z]*|)|Use([0-9A-Za-qs-z][0-9A-Za-z]*|)|Us([0-9A-Za-df-z][0-9A-Za-z]*|)|U([0-9A-Za-rt-z][0-9A-Za-z]*|)|G([0-9A-Za-qs-z][0-9A-Za-z]*|)|[0-9A-FH-TV-Za-z][0-9A-Za-z]*|)|Allo([0-9A-Za-vx-z][0-9A-Za-z]*|)|All([0-9A-Za-np-z][0-9A-Za-z]*|)|Al([0-9A-Za-km-z][0-9A-Za-z]*|)|Ac([0-9A-Zabd-z][0-9A-Za-z]*|)|DenyGroup((s[0-9A-Za-z]|[0-9A-Za-rt-z])[0-9A-Za-z]*|)|DenyGrou([0-9A-Za-oq-z][0-9A-Za-z]*|)|DenyGro([0-9A-Za-tv-z][0-9A-Za-z]*|)|DenyGr([0-9A-Za-np-z][0-9A-Za-z]*|)|DenyUser((s[0-9A-Za-z]|[0-9A-Za-rt-z])[0-9A-Za-z]*|)|DenyUse([0-9A-Za-qs-z][0-9A-Za-z]*|)|DenyUs([0-9A-Za-df-z][0-9A-Za-z]*|)|DenyU([0-9A-Za-rt-z][0-9A-Za-z]*|)|DenyG([0-9A-Za-qs-z][0-9A-Za-z]*|)|Deny([0-9A-FH-TV-Za-z][0-9A-Za-z]*|)|Den([0-9A-Za-xz][0-9A-Za-z]*|)|De([0-9A-Za-mo-z][0-9A-Za-z]*|)|MAC((s[0-9A-Za-z]|[0-9A-Za-rt-z])[0-9A-Za-z]*|)|Matc((h[0-9A-Za-z]|[0-9A-Za-gi-z])[0-9A-Za-z]*|)|Mat([0-9A-Zabd-z][0-9A-Za-z]*|)|Ma([0-9A-Za-su-z][0-9A-Za-z]*|)|MA([0-9ABD-Za-z][0-9A-Za-z]*|)|Subsyste((m[0-9A-Za-z]|[0-9A-Za-ln-z])[0-9A-Za-z]*|)|Subsyst([0-9A-Za-df-z][0-9A-Za-z]*|)|Subsys([0-9A-Za-su-z][0-9A-Za-z]*|)|Subsy([0-9A-Za-rt-z][0-9A-Za-z]*|)|Subs([0-9A-Za-xz][0-9A-Za-z]*|)|Sub([0-9A-Za-rt-z][0-9A-Za-z]*|)|Su([0-9A-Zac-z][0-9A-Za-z]*|)|(S[0-9A-Za-tv-z]|M[0-9B-Zb-z]|D[0-9A-Za-df-z]|A[0-9A-Zabd-km-z]|[0-9BCE-LN-RT-Za-z][0-9A-Za-z])[0-9A-Za-z]*|S|M|D|A|[0-9BCE-LN-RT-Za-z]/
= /[^\\001-\\004\\t\\n ]+([\\t ]+[^\\001-\\004\\t\\n ]+)*/ })*{ /Match/ }*\n
with tree\n    { \"#comment\" = \"Package generated configuration file\" } {
\"#comment\" = \"See the sshd_config(5) manpage for details\" } {  } {
\"#comment\" = \"What ports, IPs and protocols we listen for\" } { \"Port\" =
\"22\" } { \"#comment\" = \"Use these options to restrict which
interfaces/protocols sshd will bind to\" } { \"#comment\" = \"ListenAddress
::\" } { \"#comment\" = \"ListenAddress 0.0.0.0\" } { \"Protocol\" = \"2\" } {
\"#comment\" = \"HostKeys for protocol version 2\" } { \"HostKey\" =
\"/etc/ssh/ssh_host_rsa_key\" } { \"HostKey\" = \"/etc/ssh/ssh_host_dsa_key\"
} { \"HostKey\" = \"/etc/ssh/ssh_host_ecdsa_key\" } { \"#comment\" =
\"Privilege Separation is turned on for security\" } {
\"UsePrivilegeSeparation\" = \"yes\" } {  } { \"#comment\" = \"Lifetime and
size of ephemeral version 1 server key\" } { \"KeyRegenerationInterval\" =
\"3600\" } { \"ServerKeyBits\" = \"768\" } {  } { \"#comment\" = \"Logging\" }
{ \"SyslogFacility\" = \"AUTH\" } { \"LogLevel\" = \"INFO\" } {  } {
\"#comment\" = \"Authentication:\" } { \"LoginGraceTime\" = \"120\" } {
\"#comment\" = \"PermitRootLogin yes\" } { \"#comment\" = \"PermitRootLogin
no\" } { \"StrictModes\" = \"yes\" } {  } { \"RSAAuthentication\" = \"yes\" }
{ \"PubkeyAuthentication\" = \"yes\" } { \"#comment\" =
\"AuthorizedKeysFile\t%h/.ssh/authorized_keys\" } {  } { \"#comment\" =
\"Don't read the user's ~/.rhosts and ~/.shosts files\" } { \"IgnoreRhosts\" =
\"yes\" } { \"#comment\" = \"For this to work you will also need host keys in
/etc/ssh_known_hosts\" } { \"RhostsRSAAuthentication\" = \"no\" } {
\"#comment\" = \"similar for protocol version 2\" } {
\"HostbasedAuthentication\" = \"no\" } { \"#comment\" = \"Uncomment if you
don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication\" } { \"#comment\"
= \"IgnoreUserKnownHosts yes\" } {  } { \"#comment\" = \"To enable empty
passwords, change to yes (NOT RECOMMENDED)\" } { \"PermitEmptyPasswords\" =
\"no\" } {  } { \"#comment\" = \"Change to yes to enable challenge-response
passwords (beware issues with\" } { \"#comment\" = \"some PAM modules and
threads)\" } { \"ChallengeResponseAuthentication\" = \"no\" } {  } {
\"#comment\" = \"Change to no to disable tunnelled clear text passwords\" } {
\"#comment\" = \"PasswordAuthentication yes\" } {  } { \"#comment\" =
\"Kerberos options\" } { \"#comment\" = \"KerberosAuthentication no\" } {
\"#comment\" = \"KerberosGetAFSToken no\" } { \"#comment\" =
\"KerberosOrLocalPasswd yes\" } { \"#comment\" = \"KerberosTicketCleanup yes\"
} {  } { \"#comment\" = \"GSSAPI options\" } { \"#comment\" =
\"GSSAPIAuthentication no\" } { \"#comment\" = \"GSSAPICleanupCredentials
yes\" } {  } { \"X11Forwarding\" = \"yes\" } { \"X11DisplayOffset\" = \"10\" }
{ \"PrintMotd\" = \"no\" } { \"PrintLastLog\" = \"yes\" } { \"TCPKeepAlive\" =
\"yes\" } { \"#comment\" = \"UseLogin no\" } {  } { \"#comment\" =
\"MaxStartups 10:30:60\" } { \"#comment\" = \"Banner /etc/issue.net\" } {  } {
\"#comment\" = \"Allow client to pass locale environment variables\" } {
\"AcceptEnv\" } {  } { \"Subsystem\" } {  } { \"#comment\" = \"Set this to
'yes' to enable PAM authentication, account processing,\" } { \"#comment\" =
\"and session processing. If this is enabled, PAM authentication will\" } {
\"#comment\" = \"be allowed through the ChallengeResponseAuthentication and\"
} { \"#comment\" = \"PasswordAuthentication.  Depending on your PAM
configuration,\" } { \"#comment\" = \"PAM authentication via
ChallengeResponseAuthentication may bypass\" } { \"#comment\" = \"the setting
of \"PermitRootLogin without-password\".\" } { \"#comment\" = \"If you just
want the PAM account and session checks to run without\" } { \"#comment\" =
\"PAM authentication, then enable this but set PasswordAuthentication\" } {
\"#comment\" = \"and ChallengeResponseAuthentication to 'no'.\" } { \"UsePAM\"
= \"yes\" } { \"#comment\" = \"PermitRootLogin yes\" } { \"PermitRootLogin\" =
\"no\" } { \"PasswordAuthentication\" = \"yes\" } { \"AllowUsers\" = \"user\"
}"
/augeas/files/etc/hostname/error = "parse_failed"
/augeas/files/etc/hostname/error/pos = "0"
/augeas/files/etc/hostname/error/line = "1"
/augeas/files/etc/hostname/error/char = "0"
/augeas/files/etc/hostname/error/lens =
"/usr/share/augeas/lenses/dist/hostname.aug:16.10-.57:"
/augeas/files/etc/hostname/error/message = "Input string does not match at
all"
/augeas/files/etc/mke2fs.conf/error = "parse_failed"
/augeas/files/etc/mke2fs.conf/error/pos = "82"
/augeas/files/etc/mke2fs.conf/error/line = "3"
/augeas/files/etc/mke2fs.conf/error/char = "0"
/augeas/files/etc/mke2fs.conf/error/lens =
"/usr/share/augeas/lenses/dist/mke2fs.aug:132.10-.49:"
/augeas/files/etc/mke2fs.conf/error/message = "Get did not match entire input"


