group ssh check was removed

https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/27
2024-10-01 08:25:45 -04:00 · 2019-12-31 02:46:32 -05:00 · 2019-12-31 02:46:32 -05:00 · 788914de95
commit 788914de95
parent 06ed728d79
1 changed files with 0 additions and 20 deletions
--- a/usr/lib/security-misc/pam_tally2-info
+++ b/usr/lib/security-misc/pam_tally2-info
@ -8,26 +8,6 @@ grep_result="$(grep "accessfile=/etc/security/access-security-misc.conf" /etc/pa
 if ! echo "$grep_result" | grep -q "#" ; then
   ## https://forums.whonix.org/t/etc-security-hardening-console-lockdown/8592

-   if [ "$PAM_SERVICE" = "sshd" ]; then
-      if id --name --groups --zero "$PAM_USER" | grep --quiet --null-data --line-regexp --fixed-strings "ssh"; then
-         ssh_allowed=true
-      fi
-      if [ ! "$ssh_allowed" = "true" ]; then
-         echo "$0: ERROR: PAM_USER: '$PAM_USER' is not a member of group 'ssh'" >&2
-         echo "$0: To unlock, run the following command as superuser:" >&2
-         echo "$0: (If you still have a sudo/root shell somewhere.)" >&2
-         echo "" >&2
-         echo "addgroup $PAM_USER ssh" >&2
-         echo "" >&2
-         echo "$0: However, possibly unlock procedure is required." >&2
-         echo "$0: First boot into recovery mode at grub boot menu and then run above command." >&2
-         echo "$0: See also:" >&2
-         echo "https://www.whonix.org/wiki/root#ssh" >&2
-         echo "" >&2
-         exit 0
-      fi
-   fi
-
   if id --name --groups --zero "$PAM_USER" | grep --quiet --null-data --line-regexp --fixed-strings "console"; then
      console_allowed=true
   fi