Public bug reported:
Disabling/locking a user account will not prevent a user from logging into your server remotely if they have previously set up public key authentication. A workaround is to restrict access to a sshlogin group and parallely maintaining it, https://help.ubuntu.com/9.10/serverguide/C/user-management.html however sshd should always check if user has not been locked (PAM). ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- public key authentication grants access even for locked accounts https://bugs.launchpad.net/bugs/496008 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
