Subject: Re: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?
To: None <,,>
From: Geert Hendrickx <>
List: tech-pkg
Date: 01/12/2007 13:34:32
On Fri, Jan 12, 2007 at 01:18:58PM +0100, Pavel Cahyna wrote:
> needn't password. see the passwd(5) manual page.
> btw on my system, when I've installed cyrus-sasl, the cyrus user has the
> password disabled (it is all asterisks).
> But for some reason it has /bin/sh as shell, not /sbin/nologin.

What I usually do is add a line "AllowGroups sshd" to /etc/ssh/sshd_config and
add only those users who are allowed to login via ssh to that group.  The nice
thing is you don't have to restart sshd when adding/removing users to/from the
sshd group.