Hello,

I'm running current

OpenBSD 5.1-current (GENERIC) #2: Fri Mar  9 18:02:19 CET 2012
    andre@pc:/usr/src/sys/arch/amd64/compile/GENERIC

and I've noticed some strange things when logging in through ssh.

The sshd(8) manpage says for a login that it:
"checks /etc/nologin; if it exists, prints contents and quits (unless
root)."

I have the following users:
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
5(operator), 20(staff), 31(guest)
uid=1000(andre) gid=1000(andre) groups=1000(andre), 0(wheel)
uid=1001(test) gid=1001(test) groups=1001(test)

The file /etc/nologin exists and is world-readable.

When PermitRootLogin is set to yes then:
root: access is denied, /etc/nologin gets printed
andre: has access
test: access is denied, nothing gets printed

Here I'd expect that only root has access. Everyone else gets the
contents of /etc/nologin and will be disconnected.

When PermitRootLogin is set to no:
root: access is denied, nothing gets printed
andre: has access
test: access is denied, nothing gets printed

Here I'd expect that at least the user test gets the contents of
/etc/nologin and will be disconnected. I don't know if it makes a
difference when a user is in the group wheel, if not then the user andre
should be disconnected, too.

Am I missing something?

Thanks a lot
André
