On Sun, May 05, 2002 at 07:23:29PM +0200, Tim van Erven wrote: > I don't know much about OpenSSH or PAM internals, but how about adding > an option to PAM to make authentication always fail for root and move > all this authentication stuff into PAM.
you could use pam to deny root access with the pam_listfile module in /etc/pam.d/ssh add the line : auth required pam_listfile.so item=user sense=deny file=/etc/sshuser onerr=succeed and put the deny's user line by line you'll have the 1~3 delay then and a authentification failure for root without the 'PermitRootLogin no' -- Tab -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]