openssh ignores locked account using public key authentication
ross at agilestudios.com
Tue Oct 4 15:05:00 MDT 2005
> On Oct 4, 2005, at 1:45 PM, Corey Edwards wrote:
>> The problem there is that now their UID is gone so files owned by that
>> user won't show an owner, just a number. And you have the possibility of
>> re-using that UID.
What if you left the entry in /etc/passwd but in addition to setting the
password field to !! (or some other invalid hash), you changed their home
directory as well? (Perhaps to /home/user-locked or something similar.)
Then ssh-keys won't be able to access any private keys in their ~/.ssh/
directory (because ~/ will now be a non-existent directory).
Does that work to completely lock someone out?
More information about the PLUG