> >have you tried using /etc/login.access? > > Hmm, looks like sshd does not consult this file! login.conf(5) is indeed the configuration file for login(1) which is not used sshd(8) with the default configuration. You have to use the `UseLogin' option described in sshd_config(5) : UseLogin Specifies whether login(1) is used for interactive login ses- sions. The default is ``no''. Note that login(1) is never used for remote command execution. Note also, that if this is enabled, X11Forwarding will be disabled because login(1) does not know how to handle xauth(1) cookies. If UsePrivilegeSeparation is specified, it will be disabled after authentication. Apart from that, `AllowUsers' and `AllowGroups' have been mentioned multiple times, but it might be easier to use `DenyUsers' and `DenyGroups' options for the described situation. Regards, -- Jeremie Le Hen [email protected] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"