On 29/11/06, Morten Kjeldgaard <mok at bioxray.dk> wrote: > Hi, > > I am having a strange problem, where I cannot get pam_access to work as > intended. I have placed the following line in /etc/pam.d/system-auth > > account required /lib/security/pam_access.so > > Then, in /etc/security/access.conf, I have put the following line: > > -:mok:10.14.44.104 > > I.e. I should prevent myself from logging on from host 10.14.44.104. > However, when I try to log on (using ssh) from the specified host, I get > in without a problem. There is nothing in the logs. It does not help > restarting sshd, or rebooting. It does not help putting "ALL" instead of > the IP number. I happily get in... Is UsePAM set in your sshd_config ? UsePAM Enables the Pluggable Authentication Module interface. If set to "yes" this will enable PAM authentication using ChallengeResponseAuthentication and PAM account and session mod- ule processing for all authentication types. Because PAM challenge-response authentication usually serves an equivalent role to password authentication, you should disable either PasswordAuthentication or ChallengeResponseAuthentication. If UsePAM is enabled, you will not be able to run sshd(8) as a non-root user. The default is "no". Will.