openssh ignores locked account using public key authentication

Ross Werner ross at agilestudios.com
Tue Oct 4 15:22:02 MDT 2005


On Tue, 4 Oct 2005, Andrew McNabb wrote:
> On Tue, Oct 04, 2005 at 03:05:00PM -0600, Ross Werner wrote:
>> Does that work to completely lock someone out?
>
> I guess it all depends on how you define completely locking someone out.
> A user can always find a world writeable directory such as /tmp and put
> a setuid binary there.

Well, not if they can't get access to the box at all :-)

By "completely locking someone out" I meant "they can't log in or access 
files with any method, assuming they can't log in to any other accounts on 
the box". No guarantees if that last assumption doesn't hold true :-)

 	~ Ross


