> I have a locked user account on the system. Anyone who wants to use this
> account has to log in as root, then "su" to that account (it was marked as
> "LK" in the /etc/shadow file). I am trying to use ssh from host a to host b
> with the locked account, and I created the identity, identity.pub files on
> host a under $HOME/.ssh directory and copied identity.pub to host b as
> authorized_keys under $HOME/.ssh. The user was locked on both hosts. When I
> issued the "ssh b" command, it prompted for the user's password, which doesn't
> exist because the user was locked. I used "ssh -v a", and it tells me "Trying
> RSA authentication with key user@hosta, server refused our key". If I
> unlocked the user, it works. My question is: Can SSH be used in this case?

There are two things that need to be looked at:

1) the difference between a "locked" account and one with an untypeable
   password
2) is the SSH daemon set up to use the base OS's "login" procedure
   or to do the change-UID &c itself

If the SSH daemon is using the base OS "login", *or* simulating it well enough,
then the difference in (1) will matter; and I suspect you may need to change
the "locked" accounts to be unlocked but with impossible passwords.
--
David Pick
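
The distinction in point (1), as an added example that is not part of the original thread: a shell function that reports whether a shadow-format password field carries a lock marker or only a value that no typed password can match. The marker conventions (`*LK*`, a leading `!`, `NP`, `*`) are assumptions about common platforms, the function names are hypothetical, and the sample lines are constructed; check passwd(1) and shadow(4) on your own system.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(4)-format lines.
# Assumed conventions (not stated in the post):
#   *LK*...  Solaris-style lock marker (the "LK" the poster mentions)
#   !...     Linux-style lock prefix (passwd -l / usermod -L)
#   NP, *    not a valid hash: no typed password matches, but no lock marker
#   (empty)  no password required at all

shadow_state() {
    case "$1" in
        '')        echo empty ;;
        '*LK*'*)   echo locked ;;
        '!'*)      echo locked ;;
        'NP'|'*')  echo nologin-password ;;
        *)         echo has-password ;;
    esac
}

# Reads shadow-format lines on stdin and prints "user state" for each entry.
audit_shadow() {
    while IFS=: read -r user pw _rest; do
        case "$user" in ''|'#'*) continue ;; esac
        printf '%s %s\n' "$user" "$(shadow_state "$pw")"
    done
}

# Constructed sample data; on a real host feed /etc/shadow as root instead.
sample_shadow() {
cat <<'EOF'
root:$5$constructedsalt$constructedhash:12000::::::
batch:*LK*:::::::
deploy:NP:12000::::::
daemon:*:12000::::::
svc:!$5$constructedsalt$constructedhash:12000::::::
EOF
}

sample_shadow | audit_shadow
```

Accounts reported as `locked` are the ones to review if key-based logins are refused; `nologin-password` corresponds to the "unlocked but with impossible passwords" state suggested above.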