I respectfully disagree with Jamie Strandboge regarding his statement: "ssh public key logins are not disabled by the use of '!'."

OpenSSH, when *not* relying on PAM for account checking (i.e. "UsePAM no"), will itself consider an account "locked" if the user's password field in the shadow file is prefixed with "!". See http://anonscm.debian.org/cgit/pkg-ssh/openssh.git/tree/auth.c?id=ce470e3bc0e39e71be0dbb809e29621466ac2bac#n139 and http://anonscm.debian.org/cgit/pkg-ssh/openssh.git/tree/configure.ac?id=ce470e3bc0e39e71be0dbb809e29621466ac2bac#n770 .

You can clearly see in your example that you were using PAM (though the log file explicitly shows that sshd was using PAM for session processing, that implicitly reveals that sshd was using PAM also for account processing, as both are used when "UsePAM yes"). When sshd uses PAM for account processing, PAM does not regard the exclamation mark or asterisks (i.e. "!" or "*") as locking the account, and PAM does not prevent the SSH session from proceeding as OpenSSH does when performing account checking itself.

I found this bug report when searching the internet for 'ssh "User root not allowed because account is locked"', and through the tip that "!" and "*" are sometimes treated differently in regard to OpenSSH, I was able to figure out the difference in detail.

--
https://bugs.launchpad.net/bugs/296841
Title: root account has ! as default password
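The distinction drawn in the message above can be checked on a host with a short audit. This is an added example, not part of the original message and not OpenSSH code: it reports, for every shadow entry prefixed with "!", whether sshd's own locked-account check applies ("UsePAM no") or the decision is left to the PAM account stack ("UsePAM yes"). The function names, result labels and sample data are constructed, and it assumes a Linux build where the locked marker is the prefix "!", so the "*" entry is not reported.

```python
import re

# Assumption: a Linux build of OpenSSH, where the locked-password marker
# is the prefix "!" (the configure.ac setting the message links to).
LOCKED_PREFIX = "!"

def effective_use_pam(config_text):
    """Return True if sshd_config enables UsePAM (first occurrence wins)."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "usepam":
            return parts[1].strip().strip('"').lower() == "yes"
    return False  # upstream default when the keyword is absent

def audit_locks(shadow_text, config_text):
    """Map each "!"-prefixed account to who decides whether it may log in."""
    use_pam = effective_use_pam(config_text)
    result = {}
    for entry in shadow_text.splitlines():
        fields = entry.strip().split(":")
        if len(fields) < 2 or not fields[1].startswith(LOCKED_PREFIX):
            continue
        # With "UsePAM no" sshd applies its own locked-account check and
        # refuses the user. With "UsePAM yes" that check is skipped and
        # the PAM account stack decides instead.
        result[fields[0]] = "pam-account-stack" if use_pam else "sshd-refuses"
    return result

# Constructed sample data (not from a real system).
SAMPLE_SHADOW = """\
root:!:14200:0:99999:7:::
daemon:*:14200:0:99999:7:::
alice:$6$constructedsalt$constructedhash:14200:0:99999:7:::
bob:!$6$constructedsalt$constructedhash:14200:0:99999:7:::
"""
CONFIG_PAM = "# constructed sshd_config\nPort 22\nUsePAM yes\n"
CONFIG_NOPAM = "# constructed sshd_config\nPort 22\nUsePAM no\n"

if __name__ == "__main__":
    for name, cfg in (("UsePAM yes", CONFIG_PAM), ("UsePAM no", CONFIG_NOPAM)):
        print(name, audit_locks(SAMPLE_SHADOW, cfg))
```

Accounts reported as "pam-account-stack" are the ones where a "!" in the shadow file should not be relied on to block key-based logins.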
