Bug 47298

Summary: sshd ignores /etc/nologin
Product: [Retired] Red Hat Linux
Reporter: chris
Component: openssh
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 7.1
CC: bugs.michael, dkelson, pekkas
Hardware: i386   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2001-07-22 19:10:48 UTC

Description chris 2001-07-04 15:57:15 UTC
The manpage for sshd states:

  LOGIN PROCESS
     When a user successfully logs in, sshd does the following:
           <...>
           3.   Checks /etc/nologin; if it exists, prints contents and
                quits (unless root).

It doesn't.  Even if /etc/nologin exists, any user can still log in.

Comment 1 Pekka Savola 2001-07-22 19:10:43 UTC
Fixed in OpenSSH CVS:

20010713
 - (djm) Enable /etc/nologin check on PAM systems, as some lack the
   pam_nologin module. Report from William Yodlowsky
   <bsd.edu>


Comment 2 Nalin Dahyabhai 2001-09-06 12:52:16 UTC
This change will be integrated into 2.9p2-7 and later.  Thanks!

Comment 3 Dax Kelson 2006-02-01 17:36:26 UTC
The OpenSSH devs should have never made that change. They reverted this in the
Feb 2005 release of OpenSSH v4.3.

Now, properly, OpenSSH defers to PAM on /etc/nologin processing.
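
A check a defender can run against the point made in the last comment, that /etc/nologin enforcement for sshd depends on PAM: the script below is an added example, not part of the bug report or of OpenSSH, and reports whether an sshd_config enables UsePAM and whether the PAM service file has an active pam_nologin.so line. The function names, the return codes and the typical paths /etc/ssh/sshd_config and /etc/pam.d/sshd are assumptions of this example; files pulled in by include directives are not followed.

```shell
#!/bin/sh
# Added example. Return codes are this example's own convention:
#   0 = UsePAM yes and pam_nologin.so active in the auth/account stack
#   1 = UsePAM yes but pam_nologin.so missing (PAM will not enforce /etc/nologin)
#   2 = UsePAM not enabled, so PAM is not consulted

# Print the first UsePAM value in an sshd_config file, lowercased.
# sshd keywords are case-insensitive and the first occurrence wins.
use_pam_value() {
    awk '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)      # accept "UsePAM=yes"
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == "usepam") { print tolower(f[2]); exit }
        }
    ' "$1"
}

# Succeed if the PAM service file has an uncommented auth/account line that
# loads pam_nologin.so. include/substack/@include lines are NOT followed.
pam_has_nologin() {
    awk '
        {
            sub(/#.*/, "")                       # drop comments
            type = $1
            sub(/^-/, "", type)                  # "-account" style prefix
            if ((type == "auth" || type == "account") && $0 ~ /pam_nologin\.so/)
                found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Usage: check_nologin /etc/ssh/sshd_config /etc/pam.d/sshd   (typical paths)
check_nologin() {
    if [ "$(use_pam_value "$1")" != "yes" ]; then
        echo "UsePAM is not 'yes' in $1: PAM is not consulted"
        return 2
    fi
    if pam_has_nologin "$2"; then
        echo "OK: pam_nologin.so is active in $2"
        return 0
    fi
    echo "GAP: UsePAM yes, but no pam_nologin.so line in $2"
    return 1
}
```

A return of 1 is the case this bug describes from the PAM side: sshd hands the decision to PAM, and nothing in the stack reads /etc/nologin.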