How to block NIS logins via ssh?

Mel fbsd.questions at
Thu Dec 11 00:11:29 PST 2008

On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote:

> Given, there's several solutions to this:
> 1) The Kluge as above.
> 2) A pam module to check /etc/group (this is standard login behavior, and
> historically supported, and available on other platforms, adding a module,
> even to ports, is trivial.
> 3) A patch to openssh to do /etc/shells checking (I'll note that openSSH
> has the "UseLogin" option, which may also do this.
> 4) An option to pam_unix to check this.  Differs from #2 in that it's a
> change to an existing module instead of one in ports.

5) Use AllowGroups/AllowUsers and/or their Deny equivalent in sshd_config.

6) Disable password based logins and use keys only.


Problem with today's modular software: they start with the modules
    and never get to the software part.

More information about the freebsd-questions mailing list