Bug 47298 - sshd ignores /etc/nologin
Summary: sshd ignores /etc/nologin
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-07-04 15:57 UTC by chris
Modified: 2007-04-18 16:34 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-07-22 19:10:48 UTC
Embargoed:


Attachments (Terms of Use)

Description chris 2001-07-04 15:57:15 UTC
The manpage for sshd states:

  LOGIN PROCESS
     When a user successfully logs in, sshd does the following:
           <...>
           3.   Checks /etc/nologin; if it exists, prints contents and
                quits (unless root).

It doesn't.  Even if /etc/nologin exists, any user can still log in.

Comment 1 Pekka Savola 2001-07-22 19:10:43 UTC
Fixed in OpenSSH CVS:

20010713
 - (djm) Enable /etc/nologin check on PAM systems, as some lack the
   pam_nologin module. Report from William Yodlowsky
   <bsd.edu>


Comment 2 Nalin Dahyabhai 2001-09-06 12:52:16 UTC
This change will be integrated into 2.9p2-7 and later.  Thanks!

Comment 3 Dax Kelson 2006-02-01 17:36:26 UTC
The OpenSSH devs should have never made that change. They reverted this in the
Feb 2005 release of OpenSSH v4.3.

Now, properly, OpenSSH defers to PAM on /etc/nologin processing.


Note You need to log in before you can comment on or make changes to this bug.