It worked if I lock the user by using "x" instead of "*LK*" in the
/etc/shadow file. Thx.

Philip

-----Original Message-----
From: David Pick [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 3:03 AM
To: Shangguan , Philip
Cc: '[EMAIL PROTECTED]'
Subject: Re: Locked user account in SSH 



> I have a locked user account on the system. Anyone who wants to use this
> account has to login as the root, then "su" to that account (it was marked
> as "LK" in the /etc/shadow file). I am trying to use ssh from host a to host
> b with the locked account, and I created the identity, identity.pub files on
> host a under $HOME/.ssh directory and copied identity.pub to host b as
> authorized_keys under $HOME/.ssh. The user was locked on both hosts. When I
> issued the "ssh b" command, it prompted for the user's password, which
> doesn't exist because the user was locked. I used "ssh -v a", it tells me
> "Trying RSA authentication with key user@hosta, server refused our key". If I
> unlocked the user, it works. My question is: Can SSH be used in this case?

There are two things that need to be looked at:
 1) the difference between a "locked" account and one with an untypeable
    password
 2) is the SSH daemon set up to use the base OS's "login" procedure
    or to do the change-UID &c itself

If the SSH daemon is using the base OS "login", *or* simulating it well
enough, then the difference in (1) will matter; and I suspect you may need to
change the "locked" accounts to be unlocked but with impossible passwords.

-- 
        David Pick
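
The distinction in point 1 above, as an added example that is not part of the original messages: a small audit script that classifies the password field of shadow-format entries as locked, untypeable, empty, or a real hash. It assumes the lock marker is the "*LK*" string quoted in the thread (matched as a prefix), that real hashes are either 13-character crypt(3) strings or start with "$", and it runs on constructed sample entries.

```python
import re

# Constructed sample in /etc/shadow layout (user:password:lastchg:...); not from a real host.
SAMPLE_SHADOW = """\
root:Ab3dEfGh1jK2m:11192::::::
batch:*LK*:11192::::::
deploy:x:11192::::::
guest::11192::::::
web:$1$saltsalt$abcdefghijklmnopqrstuv:11192::::::
"""

LOCK_MARKER = "*LK*"                              # lock marker quoted in the thread
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")    # assumed: traditional 13-char crypt(3) hash


def classify(pw_field):
    """Return how the password field of one shadow entry should be read."""
    if pw_field == "":
        return "empty"          # no password set at all
    if pw_field.startswith(LOCK_MARKER):
        return "locked"         # account administratively locked
    if DES_CRYPT.match(pw_field) or pw_field.startswith("$"):
        return "hash"           # a typed password can match this entry
    return "untypeable"         # e.g. "x": not locked, but no password hashes to it


def audit(shadow_text):
    """Map each user name to the classification of its password field."""
    result = {}
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue            # malformed line, skip rather than guess
        result[fields[0]] = classify(fields[1])
    return result


if __name__ == "__main__":
    for user, state in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {state}")
```

Entries reported as "empty" deserve attention first, since they are neither locked nor protected by an impossible password.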
