nologin not working with openssh >= 4.3 and authentication != password
Damien Miller
djm at mindrot.org
Tue Jan 23 09:27:46 EST 2007
On Fri, 5 Jan 2007, Michael Weiser wrote:
> Hi developers,
>
> today I tried to disable logins to an ssh server by putting a nologin
> file into /etc. This only worked for logins that use the password
> authentication mechanism. publickey-based authentications still
> succeeded and the users were allowed into the system. This seems
> straightforward to me since openssh 4.3 disabled the evaluation of
> /etc/nologin in favour of pam_nologin but doesn't use PAM for anything
> other than password-based logins, does it?
Yes, PAM account and session modules are run for non-password
authentications. My guess is that you have the nologin module in
the authentication section of your PAM config.
-d
More information about the openssh-unix-dev
mailing list