https://bugzilla.mindrot.org/show_bug.cgi?id=1696
Darren Tucker <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED CC| |[email protected] --- Comment #1 from Darren Tucker <[email protected]> --- (In reply to Vincent Lefevre from comment #0) > So, I think it would be better for the end user if ssh output an > error message saying that the account is locked instead of asking a > password. Or would that be a security problem? If yes, even if the > server checks that the public key is authorized and outputs the > error message only in this case? Sorry for the inconvenience but I don't think we're going to change the behaviour. It's poor form to leak information to unauthorized users (and in the case where the account is locked, the user is not authorized). > Also, though the sshd(8) man page has a paragraph about locked > accounts, there's nothing in the ssh(1) man page. This is behaviour is entirely within sshd, so attempting to document it in ssh would be incorrect. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
