From owner-freebsd-questions Fri Nov 30 12:29:10 2001 Delivered-To: freebsd-questions@freebsd.org Received: from bmyster.com (dsl-144.sacoriver.net [65.162.190.145]) by hub.freebsd.org (Postfix) with ESMTP id 5068A37B405 for ; Fri, 30 Nov 2001 12:29:04 -0800 (PST) Received: from Misterb (misterb.cybertours.com [208.130.43.208]) by bmyster.com (8.11.3/8.11.3) with SMTP id fAUKfx949342; Fri, 30 Nov 2001 15:41:59 -0500 (EST) (envelope-from misterb@cybertours.com) Message-ID: <008301c179dc$a3ce5920$d02b82d0@Misterb> From: "Brent" To: "Glenn Johnson" , References: <20011130134050.A1933@node7.cluster.srrc.usda.gov> Subject: Re: ssh does not honor the nologin file Date: Fri, 30 Nov 2001 15:21:47 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG you can specify what users OR groups can login using ssh by editing the following file. /etc/ssh/sshd.config at the bottom of the file ..add something like AllowGroups groupname <------this will only allow users from whatever group you want to login AllowUsers username <-------this will allow whatever user you want to login. for example i have AllowGroups wheel <----this only allows users from the wheel group to login ( only me ) hope this helps ya Brent ----- Original Message ----- From: "Glenn Johnson" To: Sent: Friday, November 30, 2001 2:40 PM Subject: ssh does not honor the nologin file > The sshd manual says that sshd checks for /etc/nologin and > /var/run/nologin and if either is found, the login is not allowed. This > does not work. I have tried with the nologin file present in both /etc > and /var/run but users can still login via ssh. I would like to be > able to temporarily disable all logins via ssh from the outside. I can > not simply kill the daemon because I need ssh on the inside network. > According to the man page for sshd this should "just work". Does any > one have any ideas? > > Thanks. > > -- > Glenn Johnson > USDA, ARS, SRRC Phone: (504) 286-4252 > New Orleans, LA 70124 e-mail: gjohnson@srrc.ars.usda.gov > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message