On Monday 03 October 2005 01:40 pm, Erik R. Jensen wrote: > It appears that when using public key authentication with openssh, the > locked status of an account is ignored. This means I can issue "passwd > -l", and if the user had setup ssh keys for authentication, they can still > login. I know there are other ways to further lock an account which I have > been doing, but I really just want openssh to respect the "!" that gets > placed in the shadow file when a "passwd -l" is issued. Is there a change > I can make in /etc/pam.d/sshd to force this check to happen or something I > am just overlooking? > > I don't have this problem on the AIX and Solaris machines I manage, just > the Linux boxen. I have done a little digging, but nothing in depth and > thought I would post to the list to see if it can save me some time. > Thanks.
If ssh is merely execing a shell, then: echo "logout" >> /home/$USER/.bash_profile would probably do the trick. But, sftp may then still provide a hole around it. -- Respectfully, Nicholas Leippe Sales Team Automation, LLC 1335 West 1650 North, Suite C Springville, UT 84663 +1 801.853.4090 http://www.salesteamautomation.com /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
