/etc/login.access does not work 100% over ssh.

I have the following line in login.access

-:ray:ALL EXCEPT LOCAL

Which I believe means the user 'ray' can not login from anywhere unless it is a local login.

So, I tested it over ssh from a remote box

tigger@piglet:~% ssh ray@sonic.cbnmediaX.com.au
Password:
Password:
Password:
ray@sonic.cbnmediaX.com.au's password:
Last login: Sat Feb 14 12:29:45 2004 from dsl-38.226.240.
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.

FreeBSD 5.2-RELEASE-p2 (SONIC) #1: Sun Feb 8 01:18:08 EST 2004

(I'm 100% sure I typed the password correctly each time)

As you can see, I'm denied access each time until the 'ray@sonic...' option is presented, then I'm allowed in.

I personally think this is a security hole but I'm happy to admit it could be a configuration issue at my end.

Please let me know if it's a problem at my end.

Thanks for your time.

-Tig

Hi Tig,

Tig <tigger@onemoremonkey.com> wrote:
[...]
> So, I tested it over ssh from a remote box
>
> tigger@piglet:~% ssh ray@sonic.cbnmediaX.com.au
> Password:
> Password:
> Password:
> ray@sonic.cbnmediaX.com.au's password:
> Last login: Sat Feb 14 12:29:45 2004 from dsl-38.226.240.
[...]
> (I'm 100% sure I typed the password correctly each time)
> As you can see, I'm denied access each time until the 'ray@sonic...'
> option is presented, then I'm allowed in.

This looks like you have configured PasswordAuthentication yes and Protocol 2,1 in your server's /etc/ssh/sshd_config. So your client is trying to authenticate to the _local_ id-File. If this is failing (3 times) then it tries the PasswordAuthentication at the _remote_ machine. So I think you typed in the wrong password for your _local_ id-File and the fourth time at the "ray@sonic.cbnmediaX.com.au's password:" prompt you typed in the correct password for user ray at host sonic.cbnmediX.com.au.

[...]
> -Tig

HTH
Sven
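
Added example, not part of the original thread: a simplified Python evaluator for login.access(5) rule lines, applied to the rule from the question. It models only how a rule is matched (first matching line decides, no matching line means access is granted), not whether a given sshd authentication method consults the file; the origins used are constructed sample values, and @netgroup and group-name matching are left out.

```python
import re

def _tok_match(tok, item, is_origin):
    """Match one token against a user name or a login origin."""
    if tok == "ALL" or tok.lower() == item.lower():
        return True
    if not is_origin:
        return False          # assumption: group-name matching left out
    if tok == "LOCAL":        # any origin without a dot, e.g. a tty name
        return "." not in item
    if tok.startswith("."):   # domain suffix such as .example.net
        return len(item) > len(tok) and item.lower().endswith(tok.lower())
    if tok.endswith("."):     # network number prefix such as 192.0.2.
        return item.startswith(tok)
    return False

def _list_match(tokens, item, is_origin):
    """'A B EXCEPT C' matches when A or B matches and C does not."""
    if "EXCEPT" in tokens:
        cut = tokens.index("EXCEPT")
        head, tail = tokens[:cut], tokens[cut + 1:]
    else:
        head, tail = tokens, None
    if not any(_tok_match(t, item, is_origin) for t in head):
        return False
    return tail is None or not _list_match(tail, item, is_origin)

def login_allowed(rules, user, origin):
    """First matching line decides; no matching line means access granted."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            continue          # malformed line, skipped
        perm, users, origins = fields
        split = lambda s: [t for t in re.split(r"[,\s]+", s) if t]
        if (_list_match(split(users), user, False)
                and _list_match(split(origins), origin, True)):
            return perm == "+"
    return True

RULES = "-:ray:ALL EXCEPT LOCAL"   # the rule from the post
# Origins below are constructed sample values.
if __name__ == "__main__":
    for user, origin in [("ray", "remote.example.net"), ("ray", "ttyv0"),
                         ("tigger", "remote.example.net")]:
        print(user, origin, login_allowed(RULES, user, origin))
```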