Login seems to be ignoring my /etc/login.access settings. I have the following entries (see below) in my login.access, yet any new user (not in the wheel group) is still allowed to login. What am I missing? # $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $ # -:ALL EXCEPT wheel:console -:ALL EXCEPT wheel:ALL Thanks, -- Scott Gerhardt, P.Geo. Gerhardt Information Technologies [G-IT]
I am not sure if sshd out of the box honours it or not. Do you have UseLogin yes or no ? ---Mike At 08:23 AM 11/07/2003 -0600, Scott Gerhardt wrote:>Login seems to be ignoring my /etc/login.access settings. > >I have the following entries (see below) in my login.access, yet any new >user (not in the wheel group) is still allowed to login. What am I missing? > > ># $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $ ># >-:ALL EXCEPT wheel:console >-:ALL EXCEPT wheel:ALL > > >Thanks, > > >-- >Scott Gerhardt, P.Geo. >Gerhardt Information Technologies [G-IT] > > >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
I was using the default sshd config which has "UseLogin no". I changed it to "yes, restarted sshd and logins are now denied/allowd as defined in my /etc/login.access. Thanks! I would like to know if there any negative effect or implications of setting "UseLogin yes" in sshd_config? Cheers, -- Scott On 7/12/03 10:35 AM, "Mike Tancsa" <mike@sentex.net> wrote:> I am not sure if sshd out of the box honours it or not. Do you have > UseLogin yes or no ? > > ---Mike > At 08:23 AM 11/07/2003 -0600, Scott Gerhardt wrote: > >> Login seems to be ignoring my /etc/login.access settings. >> >> I have the following entries (see below) in my login.access, yet any new >> user (not in the wheel group) is still allowed to login. What am I missing? >> >> >> # $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $ >> # >> -:ALL EXCEPT wheel:console >> -:ALL EXCEPT wheel:ALL >> >> >> Thanks, >> >> >> -- >> Scott Gerhardt, P.Geo. >> Gerhardt Information Technologies [G-IT] >> >> >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"-- Scott Gerhardt, P.Geo. Gerhardt Information Technologies [G-IT]
4.8 STABLE. So, how do you get sshd to listen to login.access ? i.e. what is the correct solution ---Mike At 01:02 PM 7/14/2003 +0200, Dag-Erling Sm?rgrav wrote:>Scott Gerhardt <scott@g-it.ca> writes: > > I was using the default sshd config which has "UseLogin no". I changed it > > to "yes, restarted sshd and logins are now denied/allowd as defined in my > > /etc/login.access. > >That is not the correct solution. > >What FreeBSD version are you using? > >DES >-- >Dag-Erling Sm?rgrav - des@des.no-------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike