Re: Pam access.conf and host access

From: Shane Hickey (shane@howsyournetwork.com)
Date: 02/20/02


From: Shane Hickey <shane@howsyournetwork.com>
To: Shane Hickey <shane@howsyournetwork.com>
Date: 19 Feb 2002 17:22:34 -0700

Ack... It was just a matter of a missing trailing dot. I incorrectly
thought that the last "." was only used as a sort of wildcard.

So, it should have been

-:ALL:ALL EXCEPT LOCAL 10.10.0.1.

Thanks to all who responded. Not one person called me an idiot, even
though I prolly deserved it.

Thanks,

shane

On Tue, 2002-02-19 at 10:22, Shane Hickey wrote:
> Hmm.. I'm seeing something weird with the pam-0.75-19 RedHat rpm. I'm
> restricting ssh access to a box using the following for my
> /etc/security/access.conf
>
> -:ALL:ALL EXCEPT LOCAL 10.10.0.1
>
> When I try to ssh in from that IP, I get the following in the logs.
>
> Feb 19 10:04:11 test1 sshd[1774]: PAM rejected by account
> configuration[6]: Permission denied
> Feb 19 10:04:11 test1 sshd[1774]: Failed password for ROOT from
> 10.10.0.1 port 34741 ssh2
>
> However, if I change my access.conf to look like this..
>
> -ALL:ALL EXCEPT LOCAL 10.10.0.
>
> I can log in fine. It's almost like there is a weird bug or something
> that is failing to match a single complete IP in access.conf?
>
> Has anyone else seen this, or am I crazy (or doing something wrong)?
>
> Thanks,
>
> Shane Hickey
>

-- 
Shane Hickey
Network/System Consultant
Howsyournetwork.com
406.240.6675


