# Gentoo,Pam and SSH[solved]

## GNUtoo

hello, 

I've followed this tutorial: http://www.cyberciti.biz/tips/linux-pam-configuration-that-allows-or-deny-login-via-the-sshd-server.html

But it doesn't deny access to a user...

What could be wrong...

Is it because i've an old pam(0.99.9.0)? 

Is it my sshd configuration(i've put UsePAM yes) ? 

Should i restart my computer? 

And is it possible to prevent passwords logins via pam,or have something like s/key(single sign on password) but more secure?Last edited by GNUtoo on Wed Oct 22, 2008 10:21 am; edited 1 time in total

----------

## GNUtoo

on my laptop(newer pam) it worked but i had to disable ssh's skey(that's not secure anymore so better finding a better one time password implementation)

----------

## GNUtoo

mmm...while it seems to use pam...(according to /usr/sbin/sshd -f /etc/ssh/sshd_config -d and to lsof it uses it)

but when i remove a user from the list...the user can still login(with ssh keys)

----------

## manaka

openssh doesn't authenticate via PAM when using publickey method. It only invokes the account and session modules (not the auth ones).

You could try changing from auth module type to account type. I.e, you should change from...

```

auth required pam_listfile.so item=user sense=allow file=/etc/sshd/sshd.allow onerr=fail

```

to...

```

account required pam_listfile.so item=user sense=allow file=/etc/sshd/sshd.allow onerr=fail

```

Haven't tried this... But should work...

You could also try setting DenyUsers and DenyGroups directives.

----------

## GNUtoo

thanks a lot it works

----------

