Date:      Sat, 1 Dec 2001 04:10:16 -0800
From:      "Crist J . Clark" <cjc@FreeBSD.ORG>
To:        Glenn Johnson <gjohnson@srrc.ars.usda.gov>
Cc:        questions@FreeBSD.ORG
Subject:   Re: ssh does not honor the nologin file
Message-ID:  <20011201041016.F13613@blossom.cjclark.org>
In-Reply-To: <20011130134050.A1933@node7.cluster.srrc.usda.gov>; from gjohnson@srrc.ars.usda.gov on Fri, Nov 30, 2001 at 01:40:50PM -0600
References:  <20011130134050.A1933@node7.cluster.srrc.usda.gov>

On Fri, Nov 30, 2001 at 01:40:50PM -0600, Glenn Johnson wrote:
> The sshd manual says that sshd checks for /etc/nologin and
> /var/run/nologin and if either is found, the login is not allowed.  This
> does not work.  I have tried with the nologin file present in both /etc
> and /var/run but users can still log in via ssh.  I would like to be
> able to temporarily disable all logins via ssh from the outside.  I
> cannot simply kill the daemon because I need ssh on the inside network.
> According to the man page for sshd this should "just work".  Does
> anyone have any ideas?

The check for the 'nologin' files is disabled when sshd(8) is built
with USE_PAM. The current pam(8) configuration in the default system
does not check for nologin.

The pam_nologin module is not built by default in STABLE. To fix this,
you need to build the module, install it, and then edit pam.conf to
use it.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
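
A check for the condition described in the reply above, where a nologin file exists but the PAM configuration used by sshd never consults it. This is an added example, not part of the original message or of FreeBSD's own tooling; the function names, the sample lines and the placement of pam_nologin under the `auth` facility are assumptions.

```shell
#!/bin/sh
# Added example: check a pam.conf-style file for an active pam_nologin entry.
# Assumed line format: service  type  control  module-path  [arguments]
# Entries under the "other" service are not considered here.

# nologin_enforced FILE [SERVICE] -> exit 0 if SERVICE references pam_nologin
nologin_enforced() {
    awk -v svc="${2:-sshd}" '
        /^[ \t]*#/ { next }    # commented-out entries do not count
        NF < 4     { next }    # not a complete entry
        $1 == svc && $4 ~ /(^|\/)pam_nologin(\.so)?$/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_nologin FILE [SERVICE] -> prints a verdict, exit 0 only when enforced
audit_nologin() {
    svc=${2:-sshd}
    if nologin_enforced "$1" "$svc"; then
        echo "ok: $svc has a pam_nologin entry in $1"
        return 0
    fi
    echo "warn: $svc has no pam_nologin entry in $1"
    for f in /etc/nologin /var/run/nologin; do
        if [ -e "$f" ]; then
            echo "warn: $f exists but will not block $svc logins"
        fi
    done
    return 1
}

# Constructed sample configuration (not taken from a real system).
# "before" lacks the module; "after" adds one line for it.
write_sample() {
    cat <<'EOF'
sshd  auth     required  pam_unix.so  try_first_pass
sshd  account  required  pam_unix.so
EOF
    if [ "$1" = after ]; then
        echo 'sshd  auth     required  pam_nologin.so'
    fi
}

# Usage on a live system: audit_nologin /etc/pam.conf sshd
```

Run it once before and once after editing pam.conf; a commented-out pam_nologin line is reported as not enforced.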
