Skip to content

v7.9.0.0p1-Beta breaks with multiple groups #1354

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Enxer opened this issue Mar 12, 2019 · 7 comments
Closed

v7.9.0.0p1-Beta breaks with multiple groups #1354

Enxer opened this issue Mar 12, 2019 · 7 comments
Labels
Issue-Bug
Milestone
v8.0.0.0p1-Beta

Comments

@Enxer
Copy link

Enxer commented Mar 12, 2019

"OpenSSH for Windows" version 7.9.0.0
Server OperatingSystem Windows 10 Enterprise
Client OperatingSystem Windows 10 Enterprise
What is failing: v7.9.0.0p1-Beta broke multiple Match conditions
Expected output: Authentication
Actual output: Repeated access denied

SSHD_config with multiple group matches:
sshd_config.txt

Output of trying to connect:
debug3.txt

The user in question is apart of the DOMAIN\Helpdesk-local-admins group
If I downgrade the sshd binaries to v7.7.2.0p1-Beta it works without issue.
@NoMoreFood
Copy link

Seems to be reproducible. Looking into it.

@NoMoreFood
Copy link

Pull request is in: PowerShell/openssh-portable#380

@Enxer: Can you try the binaries posted here:

https://github.com/NoMoreFood/openssh-portable/releases/tag/v7.9-merge-2

@Enxer
Copy link
Author

Enxer commented Mar 15, 2019

Hi Bryan,

I get the same results.
sshd.log

My account: (Get-ADUser username –Properties MemberOf).MemberOf -match 'helpdesk'
CN=Helpdesk-local-admins,OU=Local Administrators,OU=Security Groups,OU=MyBusiness,DC=domain,DC=local

SSHD_Config:
sshd_config.txt

I am working with the 64 bit binaries if that matters.

@NoMoreFood
Copy link

NoMoreFood commented Mar 15, 2019
edited
Loading

Just to make sure, you replaced the server (sshd.exe) binaries with these and restarted the service? Just weird that I was able to reproduce a similar behavior, find an exact cause, and it's different from the one you reported.

(Also can you delete your comment in the PR --- just don't want to somebody to respond to it over there)

@NoMoreFood
Copy link

The latest log makes it look like user (e.g., "nbentiznger") does not exist on the system. Can you confirm it does?

@Enxer
Copy link
Author

Enxer commented Mar 15, 2019

ah! - that's what I get for fat fingering my account name. I just re-tested and I got in. It is probably too late for me to be testing.
The correct name worked. Thanks Bryan I think we can close this out.

@NoMoreFood
Copy link

@Enxer Thanks for the update. As I mentioned, can you please remove your comment from the pull request so we don't confused the efficacy of that change. I'd say let's keep the issue open until this is officially released. Thanks!

@manojampalam manojampalam added this to the vNext milestone Mar 25, 2019
@NoMoreFood NoMoreFood mentioned this issue Mar 25, 2019
Merged
manojampalam pushed a commit to PowerShell/openssh-portable that referenced this issue Mar 25, 2019
@NoMoreFood @manojampalam
Address Group Matching Issue (#380)
afe4880 
- Addressed group mapping issue caused by the username being used after being freed.
PowerShell/Win32-OpenSSH#1354
@NoMoreFood NoMoreFood mentioned this issue Mar 28, 2019
Closed
@manojampalam manojampalam modified the milestones: vNext, v8.0.0.0p1-Beta Jun 23, 2019
@jrohbock jrohbock mentioned this issue Jan 24, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue-Bug
Projects
None yet
Milestone
v8.0.0.0p1-Beta
Development

No branches or pull requests
3 participants
@Enxer @NoMoreFood @manojampalam