Login seems to be ignoring my /etc/login.access settings. I have the following entries (see below) in my login.access, yet any new user (not in the wheel group) is still allowed to login. What am I missing? # $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $ # -:ALL EXCEPT wheel:console -:ALL EXCEPT wheel:ALL Thanks, -- Scott Gerhardt, P.Geo. Gerhardt Information Technologies [G-IT]
I am not sure if sshd out of the box honours it or not. Do you have
UseLogin yes or no ?
---Mike
At 08:23 AM 11/07/2003 -0600, Scott Gerhardt wrote:
>Login seems to be ignoring my /etc/login.access settings.
>
>I have the following entries (see below) in my login.access, yet any new
>user (not in the wheel group) is still allowed to login. What am I missing?
>
>
># $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $
>#
>-:ALL EXCEPT wheel:console
>-:ALL EXCEPT wheel:ALL
>
>
>Thanks,
>
>
>--
>Scott Gerhardt, P.Geo.
>Gerhardt Information Technologies [G-IT]
>
>
>_______________________________________________
>freebsd-security@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to
"freebsd-security-unsubscribe@freebsd.org"
I was using the default sshd config which has "UseLogin no". I changed it to "yes, restarted sshd and logins are now denied/allowd as defined in my /etc/login.access. Thanks! I would like to know if there any negative effect or implications of setting "UseLogin yes" in sshd_config? Cheers, -- Scott On 7/12/03 10:35 AM, "Mike Tancsa" <mike@sentex.net> wrote:> I am not sure if sshd out of the box honours it or not. Do you have > UseLogin yes or no ? > > ---Mike > At 08:23 AM 11/07/2003 -0600, Scott Gerhardt wrote: > >> Login seems to be ignoring my /etc/login.access settings. >> >> I have the following entries (see below) in my login.access, yet any new >> user (not in the wheel group) is still allowed to login. What am I missing? >> >> >> # $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $ >> # >> -:ALL EXCEPT wheel:console >> -:ALL EXCEPT wheel:ALL >> >> >> Thanks, >> >> >> -- >> Scott Gerhardt, P.Geo. >> Gerhardt Information Technologies [G-IT] >> >> >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"-- Scott Gerhardt, P.Geo. Gerhardt Information Technologies [G-IT]
4.8 STABLE. So, how do you get sshd to listen to login.access ? i.e. what
is the correct solution
---Mike
At 01:02 PM 7/14/2003 +0200, Dag-Erling Sm?rgrav wrote:>Scott Gerhardt <scott@g-it.ca> writes:
> > I was using the default sshd config which has "UseLogin no".
I changed it
> > to "yes, restarted sshd and logins are now denied/allowd as
defined in my
> > /etc/login.access.
>
>That is not the correct solution.
>
>What FreeBSD version are you using?
>
>DES
>--
>Dag-Erling Sm?rgrav - des@des.no
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike