Date: Sat, 1 Dec 2001 04:10:16 -0800 From: "Crist J . Clark" <cjc@FreeBSD.ORG> To: Glenn Johnson <gjohnson@srrc.ars.usda.gov> Cc: questions@FreeBSD.ORG Subject: Re: ssh does not honor the nologin file Message-ID: <20011201041016.F13613@blossom.cjclark.org> In-Reply-To: <20011130134050.A1933@node7.cluster.srrc.usda.gov>; from gjohnson@srrc.ars.usda.gov on Fri, Nov 30, 2001 at 01:40:50PM -0600 References: <20011130134050.A1933@node7.cluster.srrc.usda.gov>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 30, 2001 at 01:40:50PM -0600, Glenn Johnson wrote: > The sshd manual says that sshd checks for /etc/nologin and > /var/run/nologin and if either is found, the login is not allowed. This > does not work. I have tried with the nologin file present in both /etc > and /var/run but users can still login via ssh. I would like to be > able to temporarily disable all logins via ssh from the outside. I can > not simply kill the daemon because I need ssh on the inside network. > According to the man page for sshd this should "just work". Does any > one have any ideas? The check for the 'nologin' files is disabled when sshd(8) is built with USE_PAM. The current pam(8) configuration in the default system does not check for nologin. The pam_nologin module is not built by default in STABLE. To fix this, you need to build the module, install it, and then edit pam.conf to use it. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011201041016.F13613>