> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
>
> Hello,
>
> I'm not a developer so I hope I'm asking this in the right
> forum. I am
> using openssh 2.5.2 to 2.9 something on various boxes.
>
> My question is this: If I have a user with
> ${HOME}/.ssh/authorized_keys
> file with his public key in it and I disable his account by
> say disabling
> his password in /etc/shadow he can still log in using public key
> authorization!! I want to encourage people to use ssh and to use
> authorization using public keys but I also want to be able
> to disable
> accounts centrally if I need to. Is this possible?
>
There are two directives worth looking at:
DenyUsers and DenyGroups.
Haven't played with them much, but they ought to be useful.
Regards
Kieran
