On Wed, 29 Jun 2011, [email protected] wrote: > >Synopsis: sshd(8) docs say they will output /etc/nologin contents, but > >no contents are output
> I tried this on this machine, which is many configuration changes from > the defaults, > as well as on a fresh 4.9 i386 install. I created an /etc/nologin file, put > some text in it, > and made it world readable. Then, login attempts against sshd fail with the > message > > Permission denied, please try again. > > No outputting of /etc/nologin happens. > > >How-To-Repeat: > Create /etc/nologin, chmod a+r, attempt login over ssh. > >Fix: > Either make it output the text, or change the docs. It looks like sshd isn't getting a chance to print nologin. If you check authlog, you'll see that the user is invalid. login_passwd is denying the request before sshd even knows the user is valid. getpwnamallow calls auth_approval() which does its own nologin checking.
