nologin not working with openssh >= 4.3 and authentication != password

Michael Weiser michael at
Tue Jan 23 09:06:27 EST 2007

Hi developers,

today I tried to disable logins to an ssh server by putting a nologin
file into /etc. This only worked for logins that use the password
authentication mechanism. publickey-based authentications still
succeeded and the users were allowed into the system. This seems
straightforward to me since openssh 4.3 disabled the evaluation of
/etc/nologin in favour of pam_nologin but doesn't use PAM for anything
other than password-based logins, does it?

Is this a known issue or even a non-issue due to a misunderstanding on
my part?
Thanks in advance,
bye, Michael

More information about the openssh-unix-dev mailing list