openssh ignores locked account using public key authentication
Ross Werner
ross at agilestudios.com
Tue Oct 4 15:22:02 MDT 2005
On Tue, 4 Oct 2005, Andrew McNabb wrote:
> On Tue, Oct 04, 2005 at 03:05:00PM -0600, Ross Werner wrote:
>> Does that work to completely lock someone out?
>
> I guess it all depends on how you define completely locking someone out.
> A user can always find a world writeable directory such as /tmp and put
> a setuid binary there.

Well, not if they can't get access to the box at all :-)

By "completely locking someone out" I meant "they can't log in or access
files with any method, assuming they can't log in to any other accounts on
the box". No guarantees if that last assumption doesn't hold true :-)

~ Ross