man 1 passwd and reading the text regarding the -l option specifically
says:
Note that this does not disable the account. The user may still be able to
login using another
authentication token (e.g. an SSH key). To disable the account,
administrators should use usermod
--expiredate 1 (this set the account´s expire date to Jan 2, 1970).
So this is not a bug. Changing status to invalid.
** Changed in: openssh (Ubuntu)
Status: New => Invalid
--
public key authentication grants access even for locked accounts
https://bugs.launchpad.net/bugs/496008
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
