Re: Per-user public key/password selection possible?
From: Raphaël Marichez (raphael.marichez_at_polytechnique.org)
Date: 11/02/05
- Previous message: Andrea Cucciarre' - Sun Microsystems - Italy: "how to trace all users connection except some users"
- In reply to: Bjorn Steensrud: "Per-user public key/password selection possible?"
- Next in thread: Greg Wooledge: "Re: Per-user public key/password selection possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: secureshell@securityfocus.com Date: Wed, 2 Nov 2005 09:46:16 +0100
> On a HP-UX 11 system we have an account that was created by a script, with
> a locked account - i.e. a "*" in /etc/password
> to prevent logging in to this account with password authentication. Could
> it still be possible to log in with ssh using pubkey authentication?
it works on linux, it may work on your system. I suppose your system is not
using /etc/shadow
Be sure that your user has a valid shell in /etc/passwd
If you're using /etc/shadow, you may have a "x" in /etc/passwd (like every
regular user) and something like a "*" or "!" in /etc/shadow (not sure this
is necessary, but it works for me)
e.g., to have an user nammed "save", used in automatique backup replication
(fish) :
/etc/passwd:
save:x:108:108:,,,:/home/save:/bin/bash
/etc/shadow:
save:!:13030:0:99999:7:::
Cheers,
-- Raphaël Marichez raphael.marichez@polytechnique.org
- application/pgp-signature attachment: stored
- Previous message: Andrea Cucciarre' - Sun Microsystems - Italy: "how to trace all users connection except some users"
- In reply to: Bjorn Steensrud: "Per-user public key/password selection possible?"
- Next in thread: Greg Wooledge: "Re: Per-user public key/password selection possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
