Operating System - HP-UX

Re: ssh logins to disabled users

 
Ing Meloni
Advisor

ssh logins to disabled users

I use OpenSSH on my servers.
I noticed people can log in with ssh even if their accounts have been disabled.
I just installed the latest version (v. 2.9p2) with no improvements.
Is there a way to avoid this?

Thanks

Claudio Arlandini
6 REPLIES
harry d brown jr
Honored Contributor

Re: ssh logins to disabled users

To disable an account, change the password field in the /etc/passwd file to an asterisk '*' and change the login shell to /bin/false.
Live Free or Die
Ing Meloni
Advisor

Re: ssh logins to disabled users

It sure works this way, but it is not really manageable in my case. I have more or less 300 active users on the system.
By the way, how can I receive a notification when one of my users is disabled for password expiring, or too many unsuccessful login attempts?
harry d brown jr
Honored Contributor

Re: ssh logins to disabled users

I don't think OpenSSH uses much of the default login info.

Check this link out:

http://www.sunmanagers.org/pipermail/summaries/2001-March/000293.html

Live Free or Die
Bill Thorsteinson
Honored Contributor

Re: ssh logins to disabled users

Check for a UseLogin option in the sshd.conf file.
If it is turned off, login has no chance to check for disabled logins.

If login doesn't catch the disabled accounts, you may be able to check in the profile script.
James Beamish-White
Trusted Contributor

Re: ssh logins to disabled users

You could script the change of a shell to /bin/false. e.g.
#!/bin/sh
# lockuser.sh

passwd -s /bin/false "$1" # Changes shell
passwd -l "$1" # Locks account
GARDENOFEDEN> create light
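One way to check every account against the two-step disable described in this thread (password field set to `*` and login shell set to /bin/false), as an added example that is not any poster's code. The function names and the sample entries are constructed, and it assumes a plain /etc/passwd-format file with the password in field 2.

```sh
#!/bin/sh
# Added example: report accounts where only one of the two disable steps
# from the thread has been applied.

# find_half_disabled [FILE]
# Reads passwd-format lines from FILE (or stdin if no FILE is given).
# Prints one line per account that is locked but keeps a usable shell,
# or has /bin/false as shell but no "*" in the password field.
find_half_disabled() {
    awk -F: '
        /^#/ || NF < 7 { next }              # skip comments, blank and malformed lines
        { locked = ($2 == "*"); noshell = ($7 == "/bin/false") }
        locked && !noshell {
            # an empty shell field means the system default shell is used
            print $1 ": password locked, shell still " ($7 == "" ? "(default)" : $7)
        }
        !locked && noshell {
            print $1 ": shell is /bin/false, password field not *"
        }
    ' ${1:+"$1"}
}

# Constructed sample entries (not real accounts).
sample_passwd() {
    cat <<'EOF'
alice:Xq3constructedhash:101:20:Alice:/home/alice:/usr/bin/sh
bob:*:102:20:Bob:/home/bob:/usr/bin/sh
carol:*:103:20:Carol:/home/carol:/bin/false
dave:*:104:20:Dave:/home/dave:
erin:Zr9constructedhash:105:20:Erin:/home/erin:/bin/false
EOF
}

# Demo run on the constructed data; on a real system pass /etc/passwd instead.
sample_passwd | find_half_disabled
```

Accounts with both steps applied (carol in the sample) and fully active accounts (alice) produce no output.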
Patrick Wirth
Frequent Advisor

Re: ssh logins to disabled users

I'm in the process of trying to compile openssh on my servers. Although not yet successful, I seem to have seen some information or flags that have to do with PAM modules and making openssh PAM aware. There might be something related to this that will do what you want.