Barry wrote: > Is there a reverse DNS entry for the machine you are denying yourself > from? Try using the ip address instead of the hostname so we can > eliminate that from the equation. OK, good point! I changed the entry in /etc/security/access.conf to -:mok:beast (instead of -:mok:10.14.44.104) > I've just had a play on a test system and I seem to have it working. ... and setup the sshd with UsePAM yes like suggested by Will, and now the setup WORKS! We _do_ have reverse IP lookup, but perhaps the reverse lookup and the authentication do not agree on whether to use a FQDN or the short form. Anyhow, using the short form works in our setup. So, now that it works, I could test to see what breaks it again, and it is definitely important to have the "UsePAM yes" line in sshd_config. > [user at client ~]$ ssh -ltestuser 192.168.24.112 > Password: > Password: > Password: > Permission denied (publickey,keyboard-interactive). I get the same (unfriendly) message. It would be nice to be able to print a message to the user, explaining why access is denied. Otherwise we will have users standing in lines demanding an explanation. I guess it is possible with some sneaky pam engineering, I will look into that next. Thanks for the help! Cheers, Morten -- Morten Kjeldgaard, Asc. professor, Ph.D. Department of Molecular Biology, Aarhus University Gustav Wieds Vej 10 C, DK-8000 Aarhus C, Denmark Lab +45 89425026 * Mobile +45 51860147 * Fax +45 86123178 Home +45 86188180 * http://www.bioxray.dk/~mok