tech-net: Re: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?

Subject: Re: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?
To: None <tech-net@NetBSD.org, tech-pkg@NetBSD.org, netbsd-users@NetBSD.org>
From: Geert Hendrickx <ghen@telenet.be>
List: tech-net
Date: 01/12/2007 13:34:32

On Fri, Jan 12, 2007 at 01:18:58PM +0100, Pavel Cahyna wrote:
> needn't password. see the passwd(5) manual page.
> 
> btw on my system, when I've installed cyrus-sasl, the cyrus user has the
> password disabled (it is all asterisks).
> 
> But for some reason it has /bin/sh as shell, not /sbin/nologin.

What I usually do is add a line "AllowGroups sshd" to /etc/ssh/sshd_config and
add only those users who are allowed to login via ssh to that group.  The nice
thing is you don't have to restart sshd when adding/removing users to/from the
sshd group.

	Geert