Fajar Priyanto <fajarpri@cbn.net.id> wrote:
I'm trying to show a demo on how to modify PAM so that /etc/nologin is bypass by ssh. I have modified /etc/pam.d/sshd: #%PAM-1.0 auth include common-auth #auth required pam_nologin.so [...]
When I try to ssh into the PC, I get logged in, but immediately got kicked out. In /var/log/messages I see this: sshd : User fajar is not allowed because /etc/nologin exists
I think it is not possible to configure sshd so that it ignores /etc/nologin. The check for /etc/nologin seems to be hard-codes in /usr/sbin/sshd: $ strings /usr/sbin/sshd | grep nologin /etc/nologin The login behaviour of sshd is described in its manual page (man sshd, section "LOGIN PROCESS"). The pam_nologin line in /etc/pam.d/sshd seems to be an additional check. Björn