08-18-2011
You can't login to ssh with an account set to nologin, no. That's kind of the point.
Actually now that I think of it you can install a utility called 'scponly', which is a special "shell" which will allow users to login for scp/sftp but won't permit them to login to a shell session. This would have the security advantages of nologin, but still let you check keys by logging in with scp.
8 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
What do I need to do to be able to connect to an IRC server from work?
At work I'm behind a firewall that blocks all IRC connections on standard ports.
I read that I could use a shell account and set something up (which I am searching what) that I could use to connect to and tunnel my... (4 Replies)
Discussion started by: KromiX
4 Replies
2. UNIX for Dummies Questions & Answers
In our country, blogspot.com, twitter.com facebook.com....and more excellent sites are blocked by the Goverment FireWall, who can help me ? thanks a lot for your kind. (2 Replies)
Discussion started by: shuke
2 Replies
3. UNIX for Dummies Questions & Answers
Hello, : )
I have a remote access to the server that hosts my joomla, and it does not have cpanel.
So I have to do everything manually.
I need to have an FTP account to the httpdocs folder because I need to put these info in the config file of joomla (to allow file uploading ...etc)
So,... (8 Replies)
Discussion started by: Hayatt
8 Replies
4. Cybersecurity
Hi all,
I am having some issues with openssh vers OpenSSH_4.6p1 on SCO unixware 7.1.4
when a user accesses the system via ssh and the password is incorrect and more attempts have been made that the lock out limit I find that although there are messages in the syslog the account does not lock... (0 Replies)
Discussion started by: chlawren
0 Replies
5. UNIX for Dummies Questions & Answers
Hi team,
I am not able to configure the ssh settings for a UserA to do ssh or scp to the UserB in the same server , what could be the best way to do the ssh form UserA to UserB.
I've generated the public key in UserA ~/.ssh and kept a copy of that in ~/.ssh of authorized_key of UserB . Still... (1 Reply)
Discussion started by: posix
1 Replies
6. Shell Programming and Scripting
Hi,
Need one clarification..
If suppose, I have disabled the login to a particular user XXX, but not deleted the user.
So the scripts which must be executed using the user XXX can still be executed using that user or is it not possible..?
In our tasks, we are disabling the user XXX, and after... (1 Reply)
Discussion started by: Dpu
1 Replies
7. Red Hat
Hello experts,
Is it possible to have an user account on RHEL 6.3 as a su-only account, but with ssh capability and no interactive login? Let me elaborate.
Say, we have a cluster of 5 RHEL 6.3 servers and an user account (strmadmin) on each of the server as an su-only... (1 Reply)
Discussion started by: naveendronavall
1 Replies
8. UNIX for Beginners Questions & Answers
I have Windows AD server and all of the linux computers are joined to AD.
Recently, 2FA has been activated, I wish to exclude some of the domain service accounts from 2FA
# less /etc/pam_radius_acl.conf
sshd:*
# /etc/pam.d/sshd
auth required pam_sepermit.so
auth requisite... (0 Replies)
Discussion started by: davidpar007
0 Replies
LEARN ABOUT HPUX
pam_nologin
PAM_NOLOGIN(8) Linux-PAM Manual PAM_NOLOGIN(8)
NAME
pam_nologin - Prevent non-root users from login
SYNOPSIS
pam_nologin.so [file=/path/nologin] [successok]
DESCRIPTION
pam_nologin is a PAM module that prevents users from logging into the system when /var/run/nologin or /etc/nologin exists. The contents of
the file are displayed to the user. The pam_nologin module has no effect on the root user's ability to log in.
OPTIONS
file=/path/nologin
Use this file instead the default /var/run/nologin or /etc/nologin.
successok
Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE.
MODULE TYPES PROVIDED
The auth and acct module types are provided.
RETURN VALUES
PAM_AUTH_ERR
The user is not root and /etc/nologin exists, so the user is not permitted to log in.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
This is the default return value.
PAM_SUCCESS
Success: either the user is root or the nologin file does not exist.
PAM_USER_UNKNOWN
User not known to the underlying authentication module.
EXAMPLES
The suggested usage for /etc/pam.d/login is:
auth required pam_nologin.so
NOTES
In order to make this module effective, all login methods should be secured by it. It should be used as a required method listed before any
sufficient methods in order to get standard Unix nologin semantics. Note, the use of successok module argument causes the module to return
PAM_SUCCESS and as such would break such a configuration - failing sufficient modules would lead to a successful login because the nologin
module succeeded.
SEE ALSO
nologin(5), pam.conf(5), pam.d(5), pam(7)
AUTHOR
pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>.
Linux-PAM Manual 09/19/2013 PAM_NOLOGIN(8)