Thanks, I'll go for the uselogin option since I'm only going to use it for text-terminals. Would there be any security risks using this option?

Best Regards
Jonas Trollvik

----- Original Message -----
From: "Cordula's Web" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, November 28, 2003 1:43 AM
Subject: Re: sshd not respecting login.access

> > I've been using login.access for a long while, it hasn't occurred to
> > me until now that sshd isn't taking that file into account. No users
> > (except me) can log in to my system with telnet and they shouldn't
> > with sshd.
>
> login.access is only used by login(1), not by sshd.
>
> This is also the reason why time-limited logins and other nice
> configurable features are not possible to enforce with ssh. They
> are login(1)-specific.
>
> > Is there a workaround for this? Wouldn't it be considered a serious
> > bug that sshd doesn't parse this file?
>
> You could enable UseLogin in /etc/ssh/sshd_config
> but this is NOT recommended! See sshd_config(5).
>
> If sshd were fully PAMified, you could try to plug in some pam
> modules to enforce access policy. You'll have to test your setup
> thoroughly. I've tried this with a custom time class PAM module
> only to discover that sshd doesn't really interact all that well
> with such modules. Beware, and test.
>
> > Best Regards
> > Jonas Trollvik
>
> --
> Cordula's Web. http://www.cordula.ws/
>
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
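
Added example, not part of the original thread: a small audit that lists the login.access deny rules that SSH logins would bypass under the behaviour described above (login.access is read only by login(1), so sshd skips it unless UseLogin is enabled). The sample file contents and the function names are constructed for illustration, and the sshd_config parsing is simplified to plain `keyword value` lines.

```python
"""Audit sketch: which login.access deny rules do SSH logins bypass?"""

# Constructed sample inputs (not taken from the thread).
SAMPLE_LOGIN_ACCESS = """\
# permission : users : origins
-:ALL EXCEPT jonas:ALL
"""
SAMPLE_SSHD_CONFIG = """\
# UseLogin no
Port 22
"""

def parse_login_access(text):
    """Return (permission, users, origins) tuples, per login.access(5)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"malformed login.access line: {line!r}")
        rules.append((fields[0], fields[1].split(), fields[2].split()))
    return rules

def uselogin_enabled(text):
    """sshd_config uses the first value given for a keyword; default is no."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "uselogin":
            return parts[1].lower() == "yes"
    return False

def unenforced_deny_rules(login_access_text, sshd_config_text):
    """Deny rules that apply to login(1) but are never consulted by sshd."""
    if uselogin_enabled(sshd_config_text):
        return []  # sshd hands the session to login(1), which reads the file
    return [r for r in parse_login_access(login_access_text) if r[0] == "-"]

if __name__ == "__main__":
    for perm, users, origins in unenforced_deny_rules(
            SAMPLE_LOGIN_ACCESS, SAMPLE_SSHD_CONFIG):
        print("not enforced for ssh:", perm, " ".join(users), "from",
              " ".join(origins))
```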