Lars Noodén wrote:
> Eero Volotinen wrote:
> > Lars Noodén wrote:
> >> Another way would be to try 'passwd -l' to lock the accounts and then
> >> later use 'passwd -u' to unlock them.
> >
> > Does it also work for ssh public keys also? I think recommended way is
> > to use chage: http://linux.die.net/man/1/chage
>
> Good point. 'passwd -l' does not seem to work against keys it does work
> against regular log in.

Also use 'passwd -e' as in 'passwd -el someuser' that way it will be
both locked and expired and will block ssh.

    # passwd -el someuser

Example:

    $ ssh example id
    WARNING: Your password has expired.
    Password change required but no TTY available.

Of course trying to log in as the user interactively will trigger the
same password change as if it were only expired.

    $ ssh example
    WARNING: Your password has expired.
    You must change your password now and login again!
    Changing password for someuser.
    (current) UNIX password: ANY.PASS.WORD
    passwd: Authentication failure
    passwd: password unchanged
    Connection to example closed.

However because the password is also locked it is then impossible for
the user to match the previous password and they will not be able to
unlock it.

Bob
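
An added example, not part of the original message: a shell check that reads shadow(5)-format lines and reports which accounts are locked only (the state the thread says still accepts ssh keys) and which are both locked and expired. It assumes the usual shadow layout, where 'passwd -l' puts "!" in front of the hash and 'passwd -e' sets the last-change field to 0; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify shadow(5) entries by lock and expiry state.

# Constructed sample entries; the hash strings are placeholders.
sample_shadow() {
cat <<'EOF'
alice:$6$SALT$PLACEHOLDER:19700:0:99999:7:::
bob:!$6$SALT$PLACEHOLDER:19700:0:99999:7:::
carol:!$6$SALT$PLACEHOLDER:0:0:99999:7:::
dave:!!$6$SALT$PLACEHOLDER:19700:0:99999:7:::
erin:$6$SALT$PLACEHOLDER:0:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# Read shadow-format lines on stdin, print "user state" for each one.
classify_shadow() {
    awk -F: '
    {
        locked  = ($2 ~ /^!/)   # passwd -l puts "!" (or "!!") before the hash
        expired = ($3 == "0")   # passwd -e sets the last-change field to 0
        if (locked && expired)  state = "locked+expired"
        else if (locked)        state = "locked-only"
        else if (expired)       state = "expired-only"
        else if ($2 ~ /^\*/)    state = "no-password"
        else                    state = "active"
        printf "%s %s\n", $1, state
    }'
}

# Accounts that were locked with passwd -l but never expired with passwd -e.
locked_only_users() {
    classify_shadow | awk '$2 == "locked-only" { print $1 }'
}

# Demonstration on the constructed sample.
sample_shadow | classify_shadow
```

On a live system, run it as root with `classify_shadow < /etc/shadow`.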