Here's a patch for a feature I'm used to having in the old commercial ssh. It checks for usernames the file /etc/nologin.allow when /etc/nologin is in place, and lets the users mentioned in /etc/nologin.allow in regardless of /etc/nologin. This is very usefull for remote administration of servers. Please consider applying this. -jf -------------- next part --------------
--- openssh-SNAP-2000082900/session.c Tue Aug 29 02:33:51 2000
+++ openssh/session.c Wed Aug 30 12:17:13 2000
@@ -943,6 +943,9 @@
 while (fgets(buf, sizeof(buf), f))
 fputs(buf, stderr);
 fclose(f);
+#ifdef NOLOGINALLOW
+ if (nologin_allow(pw->pw_name) != 1)
+#endif /* NOLOGINALLOW */
 exit(254);
 }
 }
@@ -1858,4 +1861,29 @@
 server_loop2();
 if (xauthfile)
 xauthfile_cleanup_proc(NULL);
+}
+
+int
+nologin_allow(char *username)
+{
+ char buf[256], buf2[256];
+ FILE *f = NULL;
+
+ /* Appending an "\n" to the username since that's what it'll read like
+ * in the file.
+ */
+ strcpy(buf2, username);
+ strcat(buf2, "\n");
+
+ f = fopen("/etc/nologin.allow", "r");
+ if (f) {
+ while (fgets(buf, sizeof(buf), f))
+ if (strcmp(buf2, buf) == 0) {
+ fputs("WARNING: Let in by /etc/nologin.allow\n", stderr);
+ fclose(f);
+ return(1);
+ }
+ fclose(f);
+ }
+ return(0);
 }
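Review bot: The call to `nologin_allow()` in the /etc/nologin branch (first hunk, around line 946) comes roughly 900 lines before its definition, and the visible diff adds no prototype, so unless one exists elsewhere the call compiles against an implicit declaration. I would add `int nologin_allow(char *username);` near the top of session.c and put the definition from the second hunk under the same `#ifdef NOLOGINALLOW`, so the helper is not built when the bypass is disabled. Because this `if` decides whether `exit(254)` runs, a braced form is less fragile than a bare `if` whose body sits outside the preprocessor conditional. The enclosing function starts and ends outside the hunk.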
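Review bot: `strcpy(buf2, username)` followed by `strcat(buf2, "\n")` in `nologin_allow()` (second hunk) writes into a 256-byte stack buffer with no length check, so a `pw_name` of 255 bytes or more overruns `buf2`; this code runs in the login path, presumably before privileges are dropped. Add `if (strlen(username) >= sizeof(buf2) - 1) return(0);` ahead of the copy, or drop `buf2` and strip the newline from `buf` before comparing. The line-based match also has edges worth documenting in a comment: a line longer than 255 bytes is read in pieces, so its tail can match a username, and a final line without a newline never matches. Since the file overrides /etc/nologin, the function should also refuse the list unless `fstat()` on the open stream shows it is owned by root and not group- or world-writable.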