Comments on: Linux PAM configuration that allows or deny login via the sshd server

By: mark

mark — Wed, 14 Dec 2011 12:12:57 +0000

It’s not working on openldap authentication with white list on /etc/ssh/ssh.allow.

Dec 14 18:47:11 PDCSERVER slapd[21346]: conn=64795871 op=1 SRCH base=”ou=Users,dc=kama,dc=in” scope=1 deref=0 filter=”(&(objectClass=shadowAccount)(uid=rana.taba))”

Dec 14 18:47:11 showa9 sshd[22655]: error: PAM: Authentication failure for rana.taba from 192.168.100.200

By: suzuki

suzuki — Sat, 02 Oct 2010 07:20:45 +0000

hi,

it doesn’t work for my system. why?

By: Gerrard Geldenhuis

Gerrard Geldenhuis — Thu, 13 May 2010 12:07:00 +0000

As stated above it is key to prepend the line to allow it to be executed by pam. There is also no need at all to restart sshd.

By: Rajesh

Rajesh — Mon, 29 Mar 2010 18:58:05 +0000

boot from a rescue cd and edit the files.

By: vimbyseno

vimbyseno — Tue, 16 Mar 2010 14:37:05 +0000

my config:
auth required /lib/security/pam_listfile.so item=user sense=allow file=/etc/sshd/user-sshd onerr=fail

user in user-sshd:
root
user1
user2
……

now root can’t remote the vps :(
if i login as root using putty, the console window (putty) closed immedietly when root loged to vps :(
how to solve my problem??? plis help me

By: Kevin

Kevin — Wed, 30 Dec 2009 23:21:48 +0000

In my experience, the line:
auth required pam_listfile.so item=user sense=allow file=/etc/sshd/sshd.allow onerr=fail

must be prepended (i.e., placed as the first line) in the file, not appended as this article states.

By: Chuck Hale

Chuck Hale — Tue, 22 Dec 2009 11:34:40 +0000

Article solved my problem!

By: Bhagesh

Bhagesh — Wed, 02 Sep 2009 11:52:17 +0000

It is working fine for ssh and scp.
Now I wants to block only the ssh login session. and I required the scp file transfer
anybody have an Idea

By: Gerald

Gerald — Fri, 28 Aug 2009 10:32:41 +0000

Hi,
If you want block all ssh access (via login/password) AND vi authorized_keys, you shoud use ‘account required pam_listfile.so item=user sense=allow file=/etc/ssh/sshd.allow onerr=succeed’

because ‘auth xxx’ line seems not checked if sshd use public keys authentification.

Bst Regard
GeraldH

By: vivek

vivek — Tue, 05 Jun 2007 18:04:30 +0000

It should work, you need to play with pam modules. Pam is designed for this kind of work only.

By: nick

nick — Tue, 05 Jun 2007 16:34:59 +0000

This works great on local users it seems, but its not having any effect on ldap users, or groups, what would you suggest as a way to control their access?