openssh ignores locked account using public key authentication

Ross Werner ross at agilestudios.com
Tue Oct 4 15:05:00 MDT 2005


> On Oct 4, 2005, at 1:45 PM, Corey Edwards wrote:
>> The problem there is that now their UID is gone so files owned by that
>> user won't show an owner, just a number. And you have the possibility of
>> re-using that UID.

What if you left the entry in /etc/passwd but in addition to setting the 
password field to !! (or some other invalid hash), you changed their home 
directory as well? (Perhaps to /home/user-locked or something similar.) 
Then ssh-keys won't be able to access any private keys in their ~/.ssh/ 
directory (because ~/ will now be a non-existent directory).

Does that work to completely lock someone out?

 	~ Ross
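
An added example, not part of the original message: a shell audit for the condition in the thread subject, listing accounts whose password field is locked but whose home directory still holds a key file for public key logins. It assumes sshd uses its default `.ssh/authorized_keys` location; the function name `locked_with_keys` and its optional root-prefix argument are hypothetical and exist so the check can be run against copies of the files.

```shell
# Added example (not from the original post).
# Usage: locked_with_keys PASSWD_FILE SHADOW_FILE [ROOT_PREFIX]
# Prints each account whose shadow hash starts with "!" or "*" (password
# locked) but whose home directory still has a non-empty authorized_keys.
# Assumption: sshd reads keys from the default ~/.ssh/authorized_keys.
locked_with_keys() {
    passwd_file=$1
    shadow_file=$2
    root=${3:-}   # optional prefix, e.g. a mounted image or a test tree

    # passwd fields: name:pw:uid:gid:gecos:home:shell
    while IFS=: read -r name _pw _uid _gid _gecos home _shell; do
        [ -n "$name" ] || continue

        # shadow fields: name:hash:...  Take this user's hash field.
        hash=$(awk -F: -v u="$name" '$1 == u { print $2; exit }' "$shadow_file")

        case $hash in
            '!'*|'*'*) ;;      # locked password: keep checking
            *) continue ;;     # usable password or no shadow entry: skip
        esac

        # A missing home directory (the renamed-home idea above) fails this test.
        if [ -s "$root$home/.ssh/authorized_keys" ]; then
            printf '%s\n' "$name"
        fi
    done < "$passwd_file"
}

# On a live system (needs read access to /etc/shadow):
#   locked_with_keys /etc/passwd /etc/shadow
```
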


