nologin not working with openssh >= 4.3 and authentication != password

To:	openssh-unix-dev@mindrot.org
Subject:	nologin not working with openssh >= 4.3 and authentication != password
From:	Michael Weiser <michael@weiser.dinsnail.net>
Date:	Fri, 5 Jan 2007 17:59:12 +0100
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	openssh-unix-dev-list1@securepoint.com
Delivered-to:	openssh-unix-dev-tmda@mindrot.org
Delivered-to:	tmda@mindrot.org
List-archive:	<http://lists.mindrot.org/pipermail/openssh-unix-dev>
List-help:	<mailto:openssh-unix-dev-request@mindrot.org?subject=help>
List-id:	Development of portable OpenSSH <openssh-unix-dev.mindrot.org>
List-post:	<mailto:openssh-unix-dev@mindrot.org>
List-subscribe:	<http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=subscribe>
List-unsubscribe:	<http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=unsubscribe>
Old-delivered-to:	openssh-unix-dev@mindrot.org
Sender:	openssh-unix-dev-bounces+openssh-unix-dev-list1=securepoint.com@mindrot.org
User-agent:	Mutt/1.5.13 (2006-08-11)

To:

openssh-unix-dev@mindrot.org

Subject:

nologin not working with openssh >= 4.3 and authentication != password

From:

Michael Weiser <michael@weiser.dinsnail.net>

Date:

Fri, 5 Jan 2007 17:59:12 +0100

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

openssh-unix-dev-list1@securepoint.com

Delivered-to:

openssh-unix-dev-tmda@mindrot.org

Delivered-to:

tmda@mindrot.org

List-archive:

<http://lists.mindrot.org/pipermail/openssh-unix-dev>

List-help:

<mailto:openssh-unix-dev-request@mindrot.org?subject=help>

List-id:

Development of portable OpenSSH <openssh-unix-dev.mindrot.org>

List-post:

<mailto:openssh-unix-dev@mindrot.org>

List-subscribe:

<http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=subscribe>

List-unsubscribe:

<http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=unsubscribe>

Old-delivered-to:

openssh-unix-dev@mindrot.org

Sender:

openssh-unix-dev-bounces+openssh-unix-dev-list1=securepoint.com@mindrot.org

User-agent:

Mutt/1.5.13 (2006-08-11)

Hi developers,

today I tried to disable logins to an ssh server by putting a nologin
file into /etc. This only worked for logins that use the password
authentication mechanism. publickey-based authentications still
succeeded and the users were allowed into the system. This seems
straightforward to me since openssh 4.3 disabled the evaluation of
/etc/nologin in favour of pam_nologin but doesn't use PAM for anything
other than password-based logins, does it?

Is this a known issue or even a non-issue due to a misunderstanding on
my part?
-- 
Thanks in advance,
bye, Michael
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

<Prev in Thread]	Current Thread	[Next in Thread>
nologin not working with openssh >= 4.3 and authentication != password, Michael Weiser <= Re: nologin not working with openssh >= 4.3 and authentication != password, Darren Tucker Re: nologin not working with openssh >= 4.3 and authentication != password, Michael Weiser Re: nologin not working with openssh >= 4.3 and authentication != password, Damien Miller

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: No warning message is displayed for "none" cipher, Chris Rapier
Next by Date:	How to remove group1 and group14 from OpenSSH.., Robert Waite
Previous by Thread:	Announce: PKCS#11 support version 0.18 in OpenSSH 4.5p1, Alon Bar-Lev
Next by Thread:	Re: nologin not working with openssh >= 4.3 and authentication != password, Darren Tucker
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: No warning message is displayed for "none" cipher, Chris Rapier

Next by Date:

How to remove group1 and group14 from OpenSSH.., Robert Waite

Previous by Thread:

Announce: PKCS#11 support version 0.18 in OpenSSH 4.5p1, Alon Bar-Lev

Next by Thread:

Re: nologin not working with openssh >= 4.3 and authentication != password, Darren Tucker

Indexes:

[Date] [Thread] [Top] [All Lists]