47298 – sshd ignores /etc/nologin

Bug 47298 - sshd ignores /etc/nologin

Summary: sshd ignores /etc/nologin

Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	openssh
Sub Component:	(Show other bugs)
Version:	7.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-07-04 15:57 UTC by chris
Modified:	2007-04-18 16:34 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2001-07-22 19:10:48 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description chris 2001-07-04 15:57:15 UTC

The manpage for sshd states:

  LOGIN PROCESS
     When a user successfully logs in, sshd does the following:
           <...>
           3.   Checks /etc/nologin; if it exists, prints contents and
                quits (unless root).

It doesn't.  Even if /etc/nologin exists, any user can still log in.

Comment 1 Pekka Savola 2001-07-22 19:10:43 UTC

Fixed in OpenSSH CVS:

20010713
 - (djm) Enable /etc/nologin check on PAM systems, as some lack the
   pam_nologin module. Report from William Yodlowsky
   <bsd@openbsd.rutgers.edu>

Comment 2 Nalin Dahyabhai 2001-09-06 12:52:16 UTC

This change will be integrated into 2.9p2-7 and later.  Thanks!

Comment 3 Dax Kelson 2006-02-01 17:36:26 UTC

The OpenSSH devs should have never made that change. They reverted this in the
Feb 2005 release of OpenSSH v4.3.

Now, properly, OpenSSH defers to PAM on /etc/nologin processing.

Note You need to log in before you can comment on or make changes to this bug.