[nycbug-talk] host.allow capability in login.conf ignored?

[csnyder]

I set up a login class for the first time today, which looks like this
in /etc/login.conf:

student:\
        :filesize=4M:\
        :maxproc=3:\
        :host.allow=209.11.29.178,localhost:\
        :tc=default:

Ran cap_mkdb and logged in as a student via ssh. I was limited to only
3 processes, which was good (this will be an scponly account). But I
was able to log in from a host which was not in the host.allow list.

Does ssh bypass this somehow? Or is host.allow ignored? I read TFM and
it only said that idletime was unimplemented...

   chris.