Subject: Re: ssh and a missing shell (is there a fallback shell?)
To: Hisashi T Fujinaka <>
From: Steven M. Bellovin <>
List: current-users
Date: 06/09/2005 15:37:43
In message <>, Hisashi T Fujinak
a writes:
>Hmm. Would /bin/false give you better feedback as to why the login is
>failing? I suppose no feedback is more secure, but I was debugging CVS
>and yeesh, what a mess.

Except in very special circumstances, giving no feedback rarely adds 
any noticeable amount of security.  Making services hard to debug hurts 
availability -- and availability is itself a component of security.

		--Steven M. Bellovin,