> # Disallow non-root logins when /etc/nologin exists. I didn't have that line in my box and didn't bother to verify what ' pam_nologin.so' stands for. Now I checked that /etc/nologin did not exist in my box (that explains why it worked). -Sharath. -----Original Message----- From: Kosala Atapattu [mailto:kosala.atapattu@xxxxxxxxx] Sent: Thursday, October 16, 2008 11:12 AM To: Sharath Ballal Cc: Christian Grunfeld; chaoson; secureshell@xxxxxxxxxxxxxxxxx Subject: Re: Disable SSH authentication Hi Sharath, On Thu, Oct 16, 2008 at 8:29 AM, Sharath Ballal <Sharath.Ballal@xxxxxxxxxx> wrote: > Kosala , > BTW, I'm not the originator of the request... it's chaoson. > You can still use SSH with PAM and skip both password and key authentication by changing the following entry in /etc/pam.d/sshd file and commenting other auth entries. > > auth sufficient pam_nologin.so no_warn > > i.e. Change the pam_nologin.so to "sufficient" in the auth category and comment all others in this category (I guess even commenting other entries may not be required since we made it "sufficient" but it has to be the first entry, you can try that out). I see this in my Ubuntu box. # Disallow non-root logins when /etc/nologin exists. account required pam_nologin.so The description gives a different definition to pam_nologin.so. Kosala