How to block NIS logins via ssh?

Jerry gesbbb at
Thu Dec 11 03:40:23 PST 2008

On Thu, 11 Dec 2008 09:11:26 +0100
Mel <fbsd.questions at> wrote:

>On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote:
>> Given, there's several solutions to this:
>> 1) The Kluge as above.
>> 2) A pam module to check /etc/group (this is standard login
>> behavior, and historically supported, and available on other
>> platforms, adding a module, even to ports, is trivial.
>> 3) A patch to openssh to do /etc/shells checking (I'll note that
>> openSSH has the "UseLogin" option, which may also do this.
>> 4) An option to pam_unix to check this.  Differs from #2 in that
>> it's a change to an existing module instead of one in ports.
>5) Use AllowGroups/AllowUsers and/or their Deny equivalent in
>6) Disable password based logins and use keys only.

Personally, I have always used 'keys' instead of passwords. Given
enough time and resources, any password can be cracked. I really do not
understand why so many users insist on using passwords anyway.

gesbbb at

A sadist is a masochist who follows the Golden Rule.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list