Re: [gentoo-user] How to expire ssh user?
Ah...sorry good point. I'm not 100% up to speed on how key auth works, been a while since I played with it...can't you just remove / rename the key files from their home dir? Kev Jose Gonzalez Gomez wrote: This works in the case the user uses password authentication, but what about public key authentication? I've tried and in this case the user can still login after disabling it with usermod -L. Thanks, regards Jose Kev wrote: Or use usermod (man usermod) It can disable the account for you instantly (usermod -L username) or after a certain time frame (usermod -e) But Franks suggestion will work equally well...just in case you don't fancy editing the shadow file manually :) Kev Frank Schäfer wrote: Hi, put a trailing '*' to the password field in /etc/shadow. Regards Frank On Tue, 2003-11-11 at 12:26, Jose Gonzalez Gomez wrote: Hi there, I'd like to expire an user, so he is no longer able to login to a machine using ssh. How can you acomplish this? I would like to keep the user, and all its information (including password, public/private keys...) so I can reactivate it later. Regards, Jose -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] How to expire ssh user?
Maybe changing her shell to /bin/false ? I'm not 100% up to speed on how key auth works, been a while since I played with it...can't you just remove / rename the key files from their home dir? Kev Jose Gonzalez Gomez wrote: This works in the case the user uses password authentication, but what about public key authentication? I've tried and in this case the user can still login after disabling it with usermod -L. -- mathieu perrenoud -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] How to expire ssh user?
Kev, Yes, I guess I can do it, but I thought there would be a cleaner way to do it. Thanks, regards Kev wrote: Ah...sorry good point. I'm not 100% up to speed on how key auth works, been a while since I played with it...can't you just remove / rename the key files from their home dir? Kev Jose Gonzalez Gomez wrote: This works in the case the user uses password authentication, but what about public key authentication? I've tried and in this case the user can still login after disabling it with usermod -L. Thanks, regards Jose Kev wrote: Or use usermod (man usermod) It can disable the account for you instantly (usermod -L username) or after a certain time frame (usermod -e) But Franks suggestion will work equally well...just in case you don't fancy editing the shadow file manually :) Kev Frank Schäfer wrote: Hi, put a trailing '*' to the password field in /etc/shadow. Regards Frank On Tue, 2003-11-11 at 12:26, Jose Gonzalez Gomez wrote: Hi there, I'd like to expire an user, so he is no longer able to login to a machine using ssh. How can you acomplish this? I would like to keep the user, and all its information (including password, public/private keys...) so I can reactivate it later. Regards, Jose -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] How to expire ssh user?
This works in both cases, thanks a lot Regards Jose mathieu wrote: Maybe changing her shell to /bin/false ? I'm not 100% up to speed on how key auth works, been a while since I played with it...can't you just remove / rename the key files from their home dir? Kev Jose Gonzalez Gomez wrote: This works in the case the user uses password authentication, but what about public key authentication? I've tried and in this case the user can still login after disabling it with usermod -L.
Re: [gentoo-user] How to expire ssh user?
ssh [EMAIL PROTECTED] /bin/bash I would tar up and remove (or simply rename) the homedir so the keys are no longer accessible, in addition to usermod -L. On Tue, 11 Nov 2003, mathieu wrote: Maybe changing her shell to /bin/false ? I'm not 100% up to speed on how key auth works, been a while since I played with it...can't you just remove / rename the key files from their home dir? Kev Jose Gonzalez Gomez wrote: This works in the case the user uses password authentication, but what about public key authentication? I've tried and in this case the user can still login after disabling it with usermod -L. -- CAUTION: Product will be hot after heating -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] How to expire ssh user?
Used to be the recommended way of removing a user from your system was to change the username (user becomes _user for example). That way you can retain all the privs, etc in case you want to grant the account to someone else later (like the person's replacement in a work environment). Ric On Tue, 11 Nov 2003, Jose Gonzalez Gomez wrote: Hi there, I'd like to expire an user, so he is no longer able to login to a machine using ssh. How can you acomplish this? I would like to keep the user, and all its information (including password, public/private keys...) so I can reactivate it later. Regards, Jose -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] How to expire ssh user?
I've tried changing a user's shell to /bin/false and connected with ssh [EMAIL PROTECTED] /bin/bash, but I didn't get a shell... ?! On Tue, 11 Nov 2003, Marshal Newrock wrote: ssh [EMAIL PROTECTED] /bin/bash I would tar up and remove (or simply rename) the homedir so the keys are no longer accessible, in addition to usermod -L. On Tue, 11 Nov 2003, mathieu wrote: Maybe changing her shell to /bin/false ? I'm not 100% up to speed on how key auth works, been a while since I played with it...can't you just remove / rename the key files from their home dir? Kev Jose Gonzalez Gomez wrote: This works in the case the user uses password authentication, but what about public key authentication? I've tried and in this case the user can still login after disabling it with usermod -L. -- CAUTION: Product will be hot after heating -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list