> #%PAM-1.0 > auth required /lib/security/$ISA/pam_env.so > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok > auth required /lib/security/$ISA/pam_deny.so > > account required /lib/security/pam_access.so > account required /lib/security/$ISA/pam_unix.so > > password required /lib/security/$ISA/pam_cracklib.so retry=3 > password sufficient /lib/security/pam_unix.so nullok use_authtok md5 > shadow nis > password required /lib/security/$ISA/pam_deny.so > > session required /lib/security/$ISA/pam_limits.so > session required /lib/security/$ISA/pam_unix.so > > ... and, to be sure, system-auth is referenced within /etc/pam.d/sshd: > > #%PAM-1.0 > auth required pam_stack.so service=system-auth > auth required pam_nologin.so > account required pam_stack.so service=system-auth > password required pam_stack.so service=system-auth > session required pam_stack.so service=system-auth > session required pam_loginuid.so Is there a reverse DNS entry for the machine you are denying yourself from? Try using the ip address instead of the hostname so we can eliminate that from the equation. Thanks, Barry