The following reply was made to PR documentation/6641; it has been noted by GNATS.
From: Ted Unangst <[email protected]> To: [email protected] Cc: [email protected], GNATS Filer <[email protected]>, [email protected] Subject: Re: documentation/6641: sshd(8) docs say they will output /etc/nologin contents, but no contents are output Date: Wed, 29 Jun 2011 18:24:58 -0400 (EDT) On Wed, 29 Jun 2011, [email protected] wrote: > >Synopsis: sshd(8) docs say they will output /etc/nologin contents, > >but no contents are output > I tried this on this machine, which is many configuration changes from > the defaults, > as well as on a fresh 4.9 i386 install. I created an /etc/nologin file, put > some text in it, > and made it world readable. Then, login attempts against sshd fail with the > message > > Permission denied, please try again. > > No outputting of /etc/nologin happens. > > >How-To-Repeat: > Create /etc/nologin, chmod a+r, attempt login over ssh. > >Fix: > Either make it output the text, or change the docs. It looks like sshd isn't getting a chance to print nologin. If you check authlog, you'll see that the user is invalid. login_passwd is denying the request before sshd even knows the user is valid. getpwnamallow calls auth_approval() which does its own nologin checking.
