/etc/login.access does not appear to be working



  • 2.3.2-RELEASE-p1 (amd64)
    built on Tue Sep 27 12:13:07 CDT 2016
    FreeBSD 10.3-RELEASE-p9

    In previous versions of pfsense, /etc/login.access would restrict who could logon from where.

    by adding a few lines, I could restrict root logons from a particular host to pfsense:

    • : root : 10.0.0.10
    • : root : ALL

    It seems to no longer work in this version of pfsense? No matter how I configure /etc/login.access,
    any host that knows root password can login.  Yes, I am aware that I can set firewall rules to prevent
    this, and have done so, but I prefer to have many layers of security.

    /etc/pam.d/ssh appears to have the correct line:
    account        required        pam_login_access.so

    It seems that this file is just being ignored?

    -al


Log in to reply