From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030922 Description of problem: According to the sshd manpage, after a successful login sshd 3. Checks /etc/nologin; if it exists, prints contents and quits (unless root). This is not what happens. Instead ssh gives a "Permission denied" message, exactly as if an incorrect password had been given. It does this even when the password is correct, so sshd is preventing logins but not displaying the message. Version-Release number of selected component (if applicable): openssh-server-3.6.1p2-18 How reproducible: Always Steps to Reproduce: 1. Create /etc/nologin on an sshd server 2. Try to login remotely as a non-root user Actual Results: Prompted for a password 3 times. Each time it fails with "Permission denied, plase try again later.", even though the password is correct. Expected Results: Prompted one time for the passwd, get the contents of /etc/nologin, no misleading "Permission denied" messages. Additional info:
If you want this behaviour - remove the pam_nologin line from the /etc/pam.d/sshd file.
This is easily workarounded by user but it cannot be set as default in RHEL3/4. On the other hand the current upstream openssh code prints the nologin contents fine if the pam_nologin is moved to account stage and it is more configurable (nologin file can be specified etc.) this way.