On Wed, 4 Jul 2001, Kieran Barry wrote:
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> >
> > Hello,
> >
> > I'm not a developer so I hope I'm asking this in the right forum. I am
> > using openssh 2.5.2 to 2.9 something on various boxes.
> >
> > My question is this: If I have a user with ${HOME}/.ssh/authorized_keys
> > file with his public key in it and I disable his account by say disabling
> > his password in /etc/shadow he can still log in using public key
> > authorization!! I want to encourage people to use ssh and to use
> > authorization using public keys but I also want to be able to disable
> > accounts centrally if I need to. Is this possible?
> >
> There are two directives worth looking at:
> DenyUsers and DenyGroups.
I'm using openssh 2.9p2 on two Linux boxes. When I disable a
user, I just modify the shell field of /etc/passwd, like this:
From:
xyz:x:1304:501:,,,:/home/xyz:/bin/bash
To:
xyz:x:1304:501:,,,:/home/xyz:/dev/null
The user will be able to log in, but he won't have a valid
shell to work in. The behavior of Linux in this case is
to log the user out immediately.
--
"When you make a mistake and don't correct
it, that's what you call a mistake!"
-- Confucius
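
An added example, not part of the original thread: a small audit for the situation discussed above, listing accounts whose password is locked in /etc/shadow but that can still be reached with a public key because they keep a login shell, have an authorized_keys file, and are not named in DenyUsers. The file contents, the user names other than xyz, the NON_LOGIN_SHELLS list and the function names are constructed for illustration, and DenyUsers matching is simplified to plain user-name patterns (no USER@HOST form).

```python
from fnmatch import fnmatchcase

# Constructed sample data; only the xyz passwd line appears in the thread.
PASSWD = """\
xyz:x:1304:501:,,,:/home/xyz:/bin/bash
abc:x:1305:501:,,,:/home/abc:/dev/null
def:x:1306:501:,,,:/home/def:/bin/bash
ghi:x:1307:501:,,,:/home/ghi:/bin/bash
"""
SHADOW = """\
xyz:!$1$constructed$hash:11500:0:99999:7:::
abc:!$1$constructed$hash:11500:0:99999:7:::
def:!$1$constructed$hash:11500:0:99999:7:::
ghi:$1$constructed$hash:11500:0:99999:7:::
"""
SSHD_CONFIG = "Port 22\nDenyUsers def\n"
# Homes that contain .ssh/authorized_keys; on a live host, build this set
# with os.path.isfile(os.path.join(home, ".ssh", "authorized_keys")).
HAS_KEYS = {"/home/xyz", "/home/abc", "/home/def", "/home/ghi"}
NON_LOGIN_SHELLS = {"/dev/null", "/bin/false", "/sbin/nologin"}  # assumption

def denied_patterns(sshd_config):
    """Collect DenyUsers patterns (keyword is case-insensitive, lines add up)."""
    patterns = []
    for line in sshd_config.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() == "denyusers":
            # Skip USER@HOST entries: they do not deny the user everywhere.
            patterns += [w for w in words[1:] if "@" not in w]
    return patterns

def still_reachable(passwd, shadow, sshd_config, has_keys):
    """Return locked-password users who can still log in with a public key."""
    rows = (line.split(":") for line in shadow.splitlines())
    # A leading '!' or '*' in the password field means the password is locked.
    locked = {f[0] for f in rows if len(f) > 1 and f[1][:1] in ("!", "*")}
    patterns = denied_patterns(sshd_config)
    found = []
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[0] not in locked:
            continue
        user, home, shell = fields[0], fields[5], fields[6]
        denied = any(fnmatchcase(user, p) for p in patterns)
        if shell not in NON_LOGIN_SHELLS and not denied and home in has_keys:
            found.append(user)
    return found
```
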