Red Hat Bugzilla – Bug 117981
sshd does not print contents of /etc/nologin
Last modified: 2007-11-30 17:07:00 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030922
Description of problem:
According to the sshd manpage, after a successful login sshd
3. Checks /etc/nologin; if it exists, prints contents and quits
This is not what happens. Instead ssh gives a "Permission denied"
message, exactly as if an incorrect password had been given. It does
this even when the password is correct, so sshd is preventing logins
but not displaying the message.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create /etc/nologin on an sshd server
2. Try to login remotely as a non-root user
Actual Results: Prompted for a password 3 times. Each time it fails
with "Permission denied, please try again later.", even though the
password is correct.
Expected Results: Prompted one time for the passwd, get the contents
of /etc/nologin, no misleading "Permission denied" messages.
If you want this behaviour - remove the pam_nologin line from the
This is easily worked around by the user, but it cannot be set as the default in RHEL3/4.
On the other hand, the current upstream openssh code prints the nologin contents
fine if pam_nologin is moved to the account stage, and it is more configurable
(the nologin file can be specified, etc.) this way.
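
An added example, not part of the bug thread or of OpenSSH/PAM itself: a small audit that reports which PAM stage pam_nologin is configured in for a service file. The two sample configurations are constructed, and the assumption that the affected default places pam_nologin in the auth stage is inferred from the last comment; `file=` is pam_nologin's option for naming the nologin file.

```python
import re

# Constructed PAM service files (not taken from the bug report).
AUTH_STAGE = """\
#%PAM-1.0
auth       required   pam_unix.so
auth       required   pam_nologin.so
account    required   pam_unix.so
"""
ACCOUNT_STAGE = """\
#%PAM-1.0
auth       required   pam_unix.so
account    required   pam_nologin.so file=/etc/nologin
account    required   pam_unix.so
"""

# type, control (simple word or [bracketed list]), module path, arguments
RULE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def pam_rules(text):
    """Yield (type, control, module, args) for each rule line."""
    text = text.replace("\\\n", " ")            # join backslash-continued lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()     # strip comments
        m = RULE.match(line)
        if m:
            mtype, control, module, args = m.groups()
            yield mtype.lstrip("-").lower(), control, module, args.split()

def nologin_stages(text):
    """Return [(type, args)] for every pam_nologin rule, matched by basename."""
    return [(t, a) for t, _c, mod, a in pam_rules(text)
            if mod.rsplit("/", 1)[-1] == "pam_nologin.so"]

def audit(text):
    """Classify where pam_nologin sits in the service file."""
    stages = {t for t, _ in nologin_stages(text)}
    if "auth" in stages:
        return "auth-stage"      # assumed placement behind the reported behaviour
    if "account" in stages:
        return "account-stage"   # placement the last comment describes
    return "other-stage" if stages else "absent"

if __name__ == "__main__":
    for name, cfg in (("before", AUTH_STAGE), ("after", ACCOUNT_STAGE)):
        print(name, audit(cfg), nologin_stages(cfg))
```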