Barry wrote:
Is there a reverse DNS entry for the machine you are denying yourself from? Try using the ip address instead of the hostname so we can eliminate that from the equation.
OK, good point! I changed the entry in /etc/security/access.conf to
-:mok:beast
(instead of -:mok:10.14.44.104)
I've just had a play on a test system and I seem to have it working.
... and set up the sshd with UsePAM yes, as suggested by Will, and now the setup WORKS!
We _do_ have reverse IP lookup, but perhaps the reverse lookup and the authentication do not agree on whether to use a FQDN or the short form. Anyhow, using the short form works in our setup. So, now that it works, I could test to see what breaks it again, and it is definitely important to have the "UsePAM yes" line in sshd_config.
[user@client ~]$ ssh -ltestuser 192.168.24.112
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).
I get the same (unfriendly) message. It would be nice to be able to print a message to the user, explaining why access is denied. Otherwise we will have users standing in lines demanding an explanation. I guess it is possible with some sneaky pam engineering, I will look into that next.
Thanks for the help!
Cheers,
Morten
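The three settings this message touches (UsePAM in sshd_config, pam_access in the sshd PAM stack, and host-name origins in /etc/security/access.conf) can be checked together. The script below is an added example, not part of the original post: the function names and sample file contents are constructed, the `account required pam_access.so` line is an assumed PAM configuration that the post does not show, PAM include lines are not followed, and any origin that is not an address or keyword (tty and service names too) is reported as a name.

```python
import ipaddress

KEYWORDS = {"ALL", "LOCAL", "NONE", "EXCEPT"}

def sshd_uses_pam(sshd_config):
    """sshd keeps the first value it reads for a keyword; the upstream default is no."""
    for line in sshd_config.splitlines():
        words = line.strip().replace("=", " ").split()
        if len(words) >= 2 and words[0].lower() == "usepam":
            return words[1].lower() == "yes"
    return False

def pam_access_in_account_stack(pam_sshd):
    """True if an uncommented 'account' line loads pam_access.so."""
    for line in pam_sshd.splitlines():
        words = line.split("#", 1)[0].split()
        is_account = len(words) >= 3 and words[0].lstrip("-") == "account"
        if is_account and any(w.endswith("pam_access.so") for w in words[2:]):
            return True
    return False

def hostname_origins(access_conf):
    """Return (rule, origin) for every origin that is a name, not an address."""
    found = []
    for line in access_conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.count(":") < 2:
            continue
        for tok in line.split(":", 2)[2].split():  # permission:users:origins
            if tok in KEYWORDS or tok[0] in "@." or tok.endswith("."):
                continue  # keyword, netgroup, domain suffix or network prefix
            try:
                ipaddress.ip_network(tok, strict=False)
            except ValueError:
                found.append((line, tok))
    return found

def diagnose(sshd_config, pam_sshd, access_conf):
    findings = []
    if not sshd_uses_pam(sshd_config):
        findings.append("sshd_config: UsePAM is not 'yes', so sshd does not call PAM")
    if not pam_access_in_account_stack(pam_sshd):
        findings.append("pam.d/sshd: no active account line loads pam_access.so")
    for rule, tok in hostname_origins(access_conf):
        findings.append(f"access.conf: '{tok}' in '{rule}' relies on name resolution")
    return findings

# Constructed sample files, not taken from any real host.
SSHD_BEFORE, SSHD_AFTER = "Port 22\n#UsePAM yes\n", "Port 22\nUsePAM yes\n"
PAM_SSHD = "auth required pam_unix.so\naccount required pam_access.so\n"
ACCESS_CONF = "# deny mok from one host\n-:mok:beast\n-:mok:10.14.44.104\n"
```

Calling `diagnose(SSHD_BEFORE, PAM_SSHD, ACCESS_CONF)` reports the missing UsePAM setting and the `beast` origin; a flagged name is the place to compare the short form against the FQDN that reverse lookup returns.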