Date: Mon, 24 Apr 2000 16:43:34 -0700 (PDT) From: Bhishan Hemrajani <bhishan@cytosine.dhs.org> To: Noor Dawod <noor@comrax.com> Cc: freebsd-questions@freebsd.org Subject: Re: login.conf and ssh Message-ID: <200004242343.e3ONhZ354462@cytosine.dhs.org> In-Reply-To: <AJEKICLEDNDCBKDJGHGFCEIMCHAA.noor@comrax.com> from Noor Dawod at "Apr 24, 2000 08:11:07 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
A couple things come to mind. 1. Did you "su" to the user, or did you login by opening a new connection to the server? Doing a "su" will not work. 2. Did you make the database for /etc/login.conf? If you did not, this is what you should do: # cap_mkdb /etc/login.conf 3. When logged in as the user type "limit". Does the time limit come up? --bhishna > Hello all, > > I have a 4.0-STABLE system and I allow clients to connect via ssh only. I > use ssh -i to launch ssh from /etc/inetd.conf. > > Although I've set a class in /etc/login.conf to allow logins only at > specific times, and assigned a user to this class, then tried to logon to > this user at a restricted time, it did login. > > My conclusion is either: > > 1. ssh do not care about login.conf, which in turn allows me to login at a > restricted time. > 2. ssh is aware about login.conf, but I did a mistake. > > So, here's the class I've built in login.conf: > > standard:\ > :copyright=/etc/COPYRIGHT:\ > :welcome=/etc/motd:\ > > :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/vi,FTP_PASSIVE_MODE=YES > :\ > :path=/usr/local/bin /usr/local/sbin /usr/local/libexec > /usr/local/samba/bin /bin /usr/bin > :manpath=/usr/share/man /usr/local/man:\ > :nologin=/etc/nologin:\ > :cputime=unlimited:\ > :datasize=10M:\ > :stacksize=3M:\ > :memorylocked=5M:\ > :memoryuse=10M:\ > :filesize=unlimited:\ > :coredumpsize=unlimited:\ > :openfiles=32:\ > :maxproc=16:\ > :requirehome:\ > :priority=0:\ > :ignoretime@:\ > :umask=022: > :times.allow=SuMoTuWeTh0900-2200,Fr0900-1800: > > The last line lists the allowed times. If I login, say at Friday 19:00pm, > the system should not allow it, but it does. > > What am I doing wrong, and is ssh aware of login.conf? (it is a system > setting, is it not?) > > Thank you in advance. > > Noor > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200004242343.e3ONhZ354462>