Date:      Fri, 30 Nov 2001 15:07:02 -0500 (EST)
From:      Scott Nolde <scott@smnolde.com>
To:        Glenn Johnson <gjohnson@srrc.ars.usda.gov>
Cc:        <questions@FreeBSD.ORG>
Subject:   Re: ssh does not honor the nologin file
Message-ID:  <20011130150529.K93019-100000@bsd.smnolde.com>
In-Reply-To: <20011130134050.A1933@node7.cluster.srrc.usda.gov>


smacked into the keyboard previously by owner-freebsd-questions@FreeBSD.ORG:

 >Date: Fri, 30 Nov 2001 13:40:50 -0600
 >From: Glenn Johnson <gjohnson@srrc.ars.usda.gov>
 >To: questions@FreeBSD.ORG
 >Subject: ssh does not honor the nologin file
 >
 >The sshd manual says that sshd checks for /etc/nologin and
 >/var/run/nologin and if either is found, the login is not allowed.  This
 >does not work.  I have tried with the nologin file present in both /etc
 >and /var/run but users can still log in via ssh.  I would like to be
 >able to temporarily disable all logins via ssh from the outside.  I
 >cannot simply kill the daemon because I need ssh on the inside network.
 >According to the man page for sshd this should "just work".  Does
 >anyone have any ideas?
 >
 >Thanks.
 >
 >--
 >Glenn Johnson
 >USDA, ARS, SRRC			 Phone: (504) 286-4252
 >New Orleans, LA 70124		e-mail: gjohnson@srrc.ars.usda.gov
 >

You could firewall the appropriate port which sshd listens on:

    ipfw add deny tcp from any to $SSHD_SERVER $SSHD_PORT in via $EXT_NIC

My $0.02

Scott Nolde
GPG Key 0xD869AB48
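
An added example, not part of the original message: a small sh helper that turns the firewall suggestion above into a block that can be switched on and off. A fixed rule number lets the deny rule be deleted afterwards, and it has to sort before any rule that allows SSH. The rule number 500, the address 192.0.2.10, port 22, interface fxp0 and all function names are assumptions; commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: toggle a temporary ipfw block on inbound SSH arriving on
# the external interface. All default values below are constructed
# placeholders; override them through the environment.
RULE_NUM="${RULE_NUM:-500}"              # must sort before any rule allowing SSH
SSHD_SERVER="${SSHD_SERVER:-192.0.2.10}" # address sshd listens on
SSHD_PORT="${SSHD_PORT:-22}"
EXT_NIC="${EXT_NIC:-fxp0}"               # outside-facing interface

# Succeeds only for a decimal integer in the range 1..$2.
valid_num() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le "$2" ]
}

# Print the ipfw command for "block" or "unblock"; non-zero on bad input.
# Inputs are checked because they are later expanded into a command line.
ssh_block_cmd() {
    valid_num "$RULE_NUM" 65534 || { echo "bad rule number: $RULE_NUM" >&2; return 1; }
    valid_num "$SSHD_PORT" 65535 || { echo "bad port: $SSHD_PORT" >&2; return 1; }
    case "$SSHD_SERVER" in
        ''|*[!A-Za-z0-9.:/-]*) echo "bad address: $SSHD_SERVER" >&2; return 1 ;;
    esac
    case "$EXT_NIC" in
        ''|*[!A-Za-z0-9_]*) echo "bad interface: $EXT_NIC" >&2; return 1 ;;
    esac
    case "$1" in
        block)   echo "ipfw -q add $RULE_NUM deny tcp from any to $SSHD_SERVER $SSHD_PORT in via $EXT_NIC" ;;
        unblock) echo "ipfw -q delete $RULE_NUM" ;;
        *)       echo "usage: ssh_block block|unblock" >&2; return 1 ;;
    esac
}

# Dry run by default; APPLY=1 executes the command (needs root on FreeBSD).
ssh_block() {
    cmd=$(ssh_block_cmd "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        $cmd        # safe to word-split: every field was validated above
    else
        echo "$cmd"
    fi
}
```

Source the file and call `ssh_block block` before the maintenance window and `ssh_block unblock` after it; sessions from the inside network never match the rule because it only applies to packets arriving on $EXT_NIC.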



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011130150529.K93019-100000>