Gladstone, Gary wrote: > We were locking a group of users off a Solaris 9 box by do a > "passwd -l <user>". The users were unable to ssh into the box after > doing this either using their password of if they had an authorized_keys > file.
I'm not sure why ssh failed; I use a similar "trick" on my system to ensure that admin users can only log in using authorized_keys and not passwords. > However, users were still able to scp files onto the box if they had an > authorized_keys file. Is there a way to prevent this other than removing > the users authorized_keys files? No as authorized_keys bypasses password authentication and hence being locked out by passwd. What version of SSH are you using? It might be an option to add these users to a particular group and disable public key authentication for them. Or perhaps use some PAM restriction? Ben
