From owner-freebsd-questions@freebsd.org  Fri Mar 27 17:04:31 2020
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id AFE3827B415
 for <freebsd-questions@mailman.nyi.freebsd.org>;
 Fri, 27 Mar 2020 17:04:31 +0000 (UTC)
 (envelope-from jjohnstone@tridentusa.com)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com
 (mail-mw2nam12on2051.outbound.protection.outlook.com [40.107.244.51])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.protection.outlook.com",
 Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48pp9d1BKCz3xVT
 for <freebsd-questions@freebsd.org>; Fri, 27 Mar 2020 17:04:20 +0000 (UTC)
 (envelope-from jjohnstone@tridentusa.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=HTNViLASkSq4ihupJS6cVphwAr1QBHB0orEmo2WkgA7RMxm4S+3btyk5fdRFWmdAYUkqpLRCs8UVQxKzMspLkyFnVvAR17xwgR40iSFk2KraGQpv/wThtdGPQp3nRSWENG+6DFYl8H91YnKap5A7NVaeYjE7d538AneeU6hnKZYbK3Z9sTb9o+lOe0Vqn+jY7bW1uxpHnS2blWUibAvimFZjOMvjhNfJtx3PJG0x/gPlrugPMQUXptPy8qTdlKM4cPajSfb00YmZrFZxT2r3nAdzz6FO2T9g9T+Pt3Ur84nVzs4IzCSxTKVzBnhAkhpxmqtPz1niPIPl7V4UY/LlRw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=H58LOpbWNI1Sir+qTENBstkFju0pAllwbgCS86xIaE0=;
 b=fIuRCVyyKbbA9lmrvJxsK0V8VhfCFFprGTYTc95vFVedvYHxjbm5zmxooHzVRWQdjABpG5JDw8ydEj8h3DiEiE2J2xJRCulh3px1EuIeDmNT6mKMtlRVNJ8SbHSrgRUhip8nn8fRkO8vkJ5/LN0N0iHDR4sK2cTBGldCLePkr+/OKM1p6+gJqu5RxC6Jr+ic7E+fItbQYDq3pXQo5SYGTSBZ216IQwZ4azK7UCQK3svIEhpLdTbqwQlfwu+HGFnJrUbxiGzo8TGK2cWMOArSUAsiYHMMZa5MP8H7VR1ICSBksqufcA/baBRAR2JZvJ/P+vWN7x1TNEOF3GMMjhsylQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=tridentusa.com; dmarc=pass action=none
 header.from=tridentusa.com; dkim=pass header.d=tridentusa.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=tridentusa90.onmicrosoft.com; s=selector1-tridentusa90-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=H58LOpbWNI1Sir+qTENBstkFju0pAllwbgCS86xIaE0=;
 b=gG6eHGfl/mKXUqqm3KWEm7heioDPUJYNIn1tJNQST+vAA+zdTJ0SxKzUwicnpciqMMP2H9Mo8yehDlDgb0zoS8PQZjqrqUo7Yqdx8dxMRkG0vf/isNJrniW7UhBcqKR/uNAMLWEQFXR6uwVCb/zBlXdRT2Xbb6qEOOCU9Qq5whw=
Received: from MN2PR20MB3118.namprd20.prod.outlook.com (2603:10b6:208:1b8::27)
 by MN2PR20MB2911.namprd20.prod.outlook.com (2603:10b6:208:1be::25)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.22; Fri, 27 Mar
 2020 17:04:10 +0000
Received: from MN2PR20MB3118.namprd20.prod.outlook.com
 ([fe80::29ed:73e:66dd:a5d9]) by MN2PR20MB3118.namprd20.prod.outlook.com
 ([fe80::29ed:73e:66dd:a5d9%6]) with mapi id 15.20.2856.019; Fri, 27 Mar 2020
 17:04:10 +0000
Subject: Re: sshd not allowing a subgroup to authenticate according to it's
 authentication method
To: freebsd-questions@freebsd.org
References: <CAPORhP4TQFMVcL1TGUb=Ex+Dkp+P7AP8k8=aNDmhxAz00U=60A@mail.gmail.com>
 <208460FC-FD0D-48F8-987A-A3B589B3A8B0@huiekin.org>
 <CAPORhP5pb-oEd0bjbY1uYKvTNr4i1FCpj6yvnTJvjVXy4o8vWA@mail.gmail.com>
 <08e9df84-343c-1cf1-a0eb-ccd63e25deeb@tridentusa.com>
 <CAPORhP6LLTpCT+BY1BAZYKd4UGz7noFGs9JM8xZcCEb5yF8skw@mail.gmail.com>
From: John Johnstone <jjohnstone-freebsdquestions@tridentusa.com>
Message-ID: <4d8109a6-da41-1adc-382c-ccfe0642c397@tridentusa.com>
Date: Fri, 27 Mar 2020 13:04:08 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0)
 Gecko/20100101 Thunderbird/68.6.0
In-Reply-To: <CAPORhP6LLTpCT+BY1BAZYKd4UGz7noFGs9JM8xZcCEb5yF8skw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: MN2PR02CA0013.namprd02.prod.outlook.com
 (2603:10b6:208:fc::26) To MN2PR20MB3118.namprd20.prod.outlook.com
 (2603:10b6:208:1b8::27)
MIME-Version: 1.0
Sender: John Johnstone <jjohnstone@tridentusa.com>
X-MS-Exchange-MessageSentRepresentingType: 2
Received: from Johns-MBP.fios-router.home (71.255.81.56) by
 MN2PR02CA0013.namprd02.prod.outlook.com (2603:10b6:208:fc::26) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2856.19 via Frontend Transport; Fri, 27 Mar 2020 17:04:09 +0000
X-Originating-IP: [71.255.81.56]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 37509314-95e8-46ce-53da-08d7d270ddfc
X-MS-TrafficTypeDiagnostic: MN2PR20MB2911:
X-Microsoft-Antispam-PRVS: <MN2PR20MB291140185EE4938F5616F4AEACCC0@MN2PR20MB2911.namprd20.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:4502;
X-Forefront-PRVS: 0355F3A3AE
X-Forefront-Antispam-Report: SFV:NSPM;
 SFS:(10009020)(396003)(366004)(136003)(376002)(39830400003)(346002)(81156014)(31686004)(81166006)(4744005)(66556008)(8936002)(26005)(66946007)(6486002)(6512007)(7846003)(53546011)(6506007)(66476007)(5660300002)(8676002)(316002)(2616005)(2906002)(956004)(52116002)(186003)(16526019)(36756003)(6916009)(508600001)(31696002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR20MB2911;
 H:MN2PR20MB3118.namprd20.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; 
Received-SPF: None (protection.outlook.com: tridentusa.com does not designate
 permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: vNp85XiY6+NGkxymYTulX/68o1xpPkEiPrjLUafPGzrxSus4CXdzqkS8abYJ6ntEJP/ULeT/CAy92Zju4XCTgyN+sPZOye1H/JZC1t5oZl1VUjQ8McYy3W6S08sKxlClxIQtm1J7kOIqgFbwBgtKzSI5roSXjNr5JgEaB6LFWoSophFtZAV+VArK3HfoxFBrad8qXvLON6jUu9kmMk2Q89tIeEpJGtvG6t+NOfZkK+AIGwu6DrdctmVoS3NK7rX+DFXG9plZtbENdT6/Rw0Wg4LmMPUfhIqU3aKIySQ0OxDoWBqFp1ElAU5HZKFQxRdolmDJv5nguS2i3oe7j0g0FIXvaR+Wt5G08+6OTy93h+wp9ZKGcYS2XuCjJqv0eQV0mBmLEjZHPknMJ/B8pcoM6MZSKAVqZUxoEUuBQCgnPEhhpCi+AJ7xbj5Dq1312KTe
X-MS-Exchange-AntiSpam-MessageData: IY/3gAjTZwB6txP2tv5zgfJ0dD3Y8ayOtBjFO3zdcL85amiUcZMwvP3Mr2xb0K2qU2E1cJE8jNeHnUC6C9wxWTV4dbtPHtf6fKhQXdXUJC4xhDstrDDjrgnfGoRwr8jq5zXmT/c9aj7agiMFS5uKAA==
X-OriginatorOrg: tridentusa.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 37509314-95e8-46ce-53da-08d7d270ddfc
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Mar 2020 17:04:09.9715 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: a5d010c5-207b-4510-bdaf-c382c7a8c714
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: yT33M7XckuInfyrhsON0ZHqFGtKJk2+nhBsEIq+CcsjlXus8vaIqjyLI1rfTAB/MU//3Rkp2NvylkZALMBej8WVvJ2vjZGBzC/utY9zJE1E=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR20MB2911
X-Rspamd-Queue-Id: 48pp9d1BKCz3xVT
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=tridentusa90.onmicrosoft.com
 header.s=selector1-tridentusa90-onmicrosoft-com header.b=gG6eHGfl; 
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of jjohnstone@tridentusa.com designates
 40.107.244.51 as permitted sender) smtp.mailfrom=jjohnstone@tridentusa.com
X-Spamd-Result: default: False [-4.58 / 15.00];
 IP_SCORE(-1.38)[ipnet: 40.64.0.0/10(-3.75), asn: 8075(-3.13), country:
 US(-0.05)]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[tridentusa90.onmicrosoft.com:s=selector1-tridentusa90-onmicrosoft-com];
 HAS_XOIP(0.00)[]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:40.107.0.0/16];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[tridentusa.com];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 RCVD_COUNT_THREE(0.00)[4];
 DKIM_TRACE(0.00)[tridentusa90.onmicrosoft.com:+];
 RCVD_IN_DNSWL_NONE(0.00)[51.244.107.40.list.dnswl.org : 127.0.3.0];
 FORGED_SENDER(0.30)[jjohnstone-freebsdquestions@tridentusa.com,jjohnstone@tridentusa.com];
 RECEIVED_SPAMHAUS_PBL(0.00)[56.81.255.71.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net
 : 127.0.0.10]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[];
 ASN(0.00)[asn:8075, ipnet:40.64.0.0/10, country:US];
 FROM_NEQ_ENVFROM(0.00)[jjohnstone-freebsdquestions@tridentusa.com,jjohnstone@tridentusa.com];
 MID_RHS_MATCH_FROM(0.00)[]; ARC_ALLOW(-1.00)[i=1]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2020 17:04:32 -0000

On 3/26/20 2:31 PM, David Mehler wrote:
> Hello,
> 
> Apparently is with my AuthenticationMethods option, for some reason
> having that defined will not let any MatchGroup definitions take
> effect. Any ideas?
> 
> Thanks.
> Dave.

You could try removing it.  AuthenticationMethods is not in my 
configuration and I think my environment matches what you are looking 
for.  It's also not in the stock sshd_config so perhaps it is not needed.

-
John J.