Hi again, Big thanks to Barry Brimer and Will McDonald for your suggestions! I had big hopes for the "UsePAM yes" in sshd_config since I was not aware of that option, and it seemed like THE solution. However, tried it, restarted the sshd daemon but still the same, I can still log on. Totally strange. Next I would like to consider Barry's suspicion that something is wrong with the order of statements in /etc/pam.d/system-auth. Here is my current file, I simply put the pam_access line just before he other "account" line: #%PAM-1.0 auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/pam_access.so account required /lib/security/$ISA/pam_unix.so password required /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow nis password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so ... and, to be sure, system-auth is referenced within /etc/pam.d/sshd: #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_loginuid.so I hope you can spot something wrong in here :-) -- it all seems ok to me. Cheers, Morten -- Morten Kjeldgaard, Asc. professor, Ph.D. Department of Molecular Biology, Aarhus University Gustav Wieds Vej 10 C, DK-8000 Aarhus C, Denmark Lab +45 89425026 * Mobile +45 51860147 * Fax +45 86123178 Home +45 86188180 * http://www.bioxray.dk/~mok