sdpagent

sshd_tests

Jul 19th, 2015
This is an overview of the sshd_config tests performed as part of [this post](https://askubuntu.com/questions/649796/allow-specified-ssh-to-connect-only-from-one-ip-or-hostnme/649798?noredirect=1#comment933325_649798). The goal is to block the `test` user from being connected to from any server except the one specified.

## Versioning
* Ubuntu 14.04
* OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014

## Context
Testing the username `test` from host 10.1.0.3, which is also listed as bob.programster.org in the `/etc/hosts` file of the server being logged into.

### Unexpected Behaviour
When permission is denied in most of the cases below, the client does not get "permission denied" on connecting. Instead, you are asked for your password several times and rejected after the third attempt, which makes you think your password was incorrect when actually you are just being denied.
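
The server side does record the real cause: sshd logs the `DenyUsers`/`AllowUsers` refusal even though the client only sees password prompts. The following added example (not part of the original paste) separates policy denials from genuinely wrong passwords by correlating on the sshd PID; the log lines are constructed samples in the style of Ubuntu's `/var/log/auth.log`, and the function name `classify` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (not taken from the paste), in the style of auth.log.
SAMPLE_LOG = """\
Jul 19 10:01:02 server sshd[2211]: User test from 10.1.0.9 not allowed because listed in DenyUsers
Jul 19 10:01:05 server sshd[2211]: Failed password for invalid user test from 10.1.0.9 port 50122 ssh2
Jul 19 10:01:09 server sshd[2211]: Failed password for invalid user test from 10.1.0.9 port 50122 ssh2
Jul 19 10:01:13 server sshd[2211]: Failed password for invalid user test from 10.1.0.9 port 50122 ssh2
Jul 19 10:03:40 server sshd[2250]: User alice from 10.1.0.3 not allowed because not listed in AllowUsers
Jul 19 10:03:44 server sshd[2250]: Failed password for invalid user alice from 10.1.0.3 port 41877 ssh2
Jul 19 10:05:10 server sshd[2301]: Failed password for bob from 10.1.0.7 port 38110 ssh2
Jul 19 10:05:15 server sshd[2301]: Accepted password for bob from 10.1.0.7 port 38110 ssh2
"""

POLICY = re.compile(r"sshd\[(\d+)\]: User (\S+) from (\S+) not allowed because "
                    r"(listed in DenyUsers|not listed in AllowUsers)")
FAILED = re.compile(r"sshd\[(\d+)\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")

def classify(log_text):
    """Return {(user, source): {"policy": n, "password": n, "reason": str or None}}."""
    denied_pids = {}  # sshd PID -> (user, source) for sessions refused by policy
    report = defaultdict(lambda: {"policy": 0, "password": 0, "reason": None})
    for line in log_text.splitlines():
        m = POLICY.search(line)
        if m:
            pid, user, source, reason = m.groups()
            denied_pids[pid] = (user, source)
            report[(user, source)]["reason"] = reason
            continue
        m = FAILED.search(line)
        if m:
            pid, user, source = m.groups()
            if pid in denied_pids:
                # Password prompt for a login that could never succeed. Key it by
                # the source sshd logged in the policy line, which may be a
                # hostname while the "Failed password" line shows an address.
                report[denied_pids[pid]]["policy"] += 1
            else:
                report[(user, source)]["password"] += 1
    return dict(report)

if __name__ == "__main__":
    for (user, source), r in sorted(classify(SAMPLE_LOG).items()):
        cause = r["reason"] or "wrong password"
        print(f"{user}@{source}: {r['policy']} policy-denied, "
              f"{r['password']} bad-password ({cause})")
```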

## Test Cases

### Block Placement
With the block placed just underneath `PasswordAuthentication yes`:
```
Match Host *
DenyUsers test
Match Host 10.1.0.3
AllowUsers test
```

This results in not being able to SSH in from anywhere with any account. Note that a `Match` block runs until the next `Match` line or the end of the file, so every directive that follows this block in the file becomes part of the `Match Host 10.1.0.3` block.

**The rest of the tests are with the block placed at the end of the config.**

### Using Provided Solution
Using the same config, but at the end of the file.
```
Match Host *
DenyUsers test
Match Host 10.1.0.3
AllowUsers test
```

Result:
* From 10.1.0.3: can log in as a non-test user, but not as the `test` user. (Logging in as the `test` user is needed here. Still being able to log into other accounts from this server is nice, but not necessary.)
* From any other server: can log in as a non-test user, but not as the `test` user. (This part is desired.)

### Using Hostname with Address
```
Match Address *
DenyUsers test
Match Address bob.programster.org
AllowUsers test
```

Result:
* From 10.1.0.3: can log in as a non-test user, but not as the `test` user. (Logging in as the `test` user is needed here. Still being able to log into other accounts from this server is nice, but not necessary.)
* From any other server: can log in as a non-test user, but not as the `test` user. (This part is desired.)

### Using Hostname with Host
```
Match Host *
DenyUsers test
Match Host bob.programster.org
AllowUsers test
```

Result:
* Can't log into **any** account from 10.1.0.3, but can log in as a non-test user from any other server.

### Using Address Instead of Host
```
Match Address *
DenyUsers test
Match Address 10.1.0.3
AllowUsers test
```

Result:
* Can't log into **any** account from 10.1.0.3, but can log in as a non-test user from any other server.

### Mixed Address and Host
```
Match Address *
DenyUsers test
Match Host bob.programster.org
AllowUsers test
```

Result:
* Can't log into **any** account from 10.1.0.3, but can log in as a non-test user from any other server.

### Mixed Address and Host 2
```
Match Host *
DenyUsers test
Match Address 10.1.0.3
AllowUsers test
```

Result:
* Can't log into **any** account from 10.1.0.3, but can log in as a non-test user from any other server.