openssh ignores locked account using public key authentication

Ross Werner ross at
Tue Oct 4 15:22:02 MDT 2005

On Tue, 4 Oct 2005, Andrew McNabb wrote:
> On Tue, Oct 04, 2005 at 03:05:00PM -0600, Ross Werner wrote:
>> Does that work to completely lock someone out?
> I guess it all depends on how you define completely locking someone out.
> A user can always find a world writeable directory such as /tmp and put
> a setuid binary there.

Well, not if they can't get access to the box at all :-)

By "completely locking someone out" I meant "they can't log in or access 
files with any method, assuming they can't log in to any other accounts on 
the box". No guarantees if that last assumption doesn't hold true :-)

 	~ Ross

More information about the PLUG mailing list