[Bug 1696] New: output an error message when an account is locked

bugzilla-daemon at bugzilla.mindrot.org
Mon Jan 11 06:34:15 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1696

           Summary: output an error message when an account is locked
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: vincent at vinc17.org


On an account with no password ("user" on a Nokia N900), I set up RSA
authentication, but ssh still asked me for a password. After looking at
sshd debug messages on the N900 (server from OpenSSH 5.1p1), I saw that
this was because the account was locked. This surprised me because
there is no such behavior with OpenSSH 4.7p1 on the N810. In fact I
wasn't aware of the notion of locked accounts for ssh until now.

So, I think it would be better for the end user if ssh output an error
message saying that the account is locked instead of asking for a password.
Or would that be a security problem? If yes, even if the server checks
that the public key is authorized and outputs the error message only in
this case?

Also, though the sshd(8) man page has a paragraph about locked
accounts, there's nothing in the ssh(1) man page.
