Thanks, I'll go for the uselogin option since Im only going to use it for
text-terminals.
Would there be any security risks using this option?
Best Regards
Jonas Trollvik
----- Original Message ----- 
From: "Cordula's Web" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, November 28, 2003 1:43 AM
Subject: Re: sshd not respecting login.access


> > I've been using login.access for a long while, it hasnt occured to
> > me until now that sshd isnt taking that file into account. No users
> > (except me) can log in to my system with telnet and they shouldnt
> > with sshd.
>
> login.access is only used by login(1), not by sshd.
>
> This is also the reason why time-limited logins and other nice
> configurable features are not possible to enforce with ssh. They
> are login(1)-specific.
>
> > Is there a workaround for this? Wouldnt it be considered a serious
> > bug that sshd doesnt parse this file?
>
> You could enable UseLogin in /etc/ssh/sshd_config
> but this is NOT recommended! See sshd_config(5).
>
> If sshd were fully PAMified, you could try to plug in some pam
> modules to enforce access policy. You'll have to test your setup
> thoroughly. I've tried this with a custom time class PAM module
> only to discover that sshd doesn't really interact all that well
> with such modules. Beware, and test.
>
> > Best Regards
> > Jonas Trollvik
>
> -- 
> Cordula's Web. http://www.cordula.ws/
>

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to