Date: Mon, 21 Jun 2004 09:54:31 +0300 From: Peter Pentchev <roam@ringlet.net> To: Charles Sprickman <spork@inch.com> Cc: freebsd-security@freebsd.org Subject: Re: 4.x, PAM, password facility Message-ID: <20040621065431.GA970@straylight.m.ringlet.net> In-Reply-To: <20040618161910.C70190@shell.inch.com> References: <20040618161910.C70190@shell.inch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--uAKRQypu60I7Lcqm Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 18, 2004 at 04:26:19PM -0400, Charles Sprickman wrote: [snip] > And since I know there's someone lurking here that knows this, is there > any way to have OpenSSH deny a login when a user has key-based auth setup > on their account? I never found a good way to take care of that; changing > the shell, etc. is a bit awkward. The sshd_config(5) manual page for OpenSSH in both -STABLE and -CURRENT mentions Allow/DenyUsers/Groups. I'm not sure how long this has been around, though - I seem to remember a time when only ssh.com's sshd supported this. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If I had finished this sentence, --uAKRQypu60I7Lcqm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFA1oYn7Ri2jRYZRVMRAje2AJ4wd5wLCtHvydb0dep9R+wNEC91xgCgjNZW xeS9uf3BIby0zk/Vkdm3GU4= =4WmR -----END PGP SIGNATURE----- --uAKRQypu60I7Lcqm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040621065431.GA970>