
Unable to ssh into locked user

I'm following the setup guide for Capistrano (http://capistranorb.com/documentation/getting-started/authentication-and-authorisation/). However, I found that I'm not able to ssh into the computer with the locked user ('deploy'). I checked /var/log/auth.log and it says:

sshd[29163]: User deploy not allowed because account is locked
sshd[29163]: input_userauth_request: invalid user deploy [preauth]

After I unlock the user using passwd -u deploy, I'm able to ssh into the computer.

I checked the man page for passwd and it says:

-l, --lock
       Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ´!´ at the
       beginning of the password).

       Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account,
       administrators should use usermod --expiredate 1 (this set the account's expire date to Jan 2, 1970).

       Users with a locked password are not allowed to change their password.

From the section "Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key)." it seems that I should be able to ssh into the computer with the user locked, but it's not what I'm seeing. Does anyone know why? I'm running Ubuntu 12.04.4 LTS.

rchen asked Aug 08 '14 01:08



2 Answers

What the man page says is not that you will be able to use SSH to log into a locked account. What the man page says is that if you have set up SSH keys for non-password login to the account, such login might still work when the password is locked, because SSH key login uses the SSH key instead of the password as the authentication token, bypassing the password-authentication step which would fail.

However, even with non-password login working, it only says that it may work. The authentication process is partially controlled/managed by PAM, so if you have your SSH keys set up, and you are able to login to the 'deploy' user without a password as long as it has a valid password, and you are not able to login to the 'deploy' user when the password is locked, look into your PAM configuration.

This isn't my real name answered Oct 16 '22 21:10


In Ubuntu, your user might be locked if it has no password at all. Setting one did fix things for me a couple of times.

SystematicFrank answered Oct 16 '22 21:10
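
A diagnostic for the situation both answers describe, added here as an example and not code from the original posts: it classifies shadow entries (a "!" prefix from passwd -l or from a password that was never set, versus an expiry date from usermod --expiredate 1) and predicts whether the account check lets an SSH key login through. The sample shadow lines and sshd_config fragments are constructed, the function names are hypothetical, and the UsePAM behaviour encoded here reflects portable OpenSSH on Linux with a stock pam_unix account stack, which the page itself does not state.

```shell
#!/bin/sh
# Constructed shadow(5) lines (placeholder hashes); on a real host read /etc/shadow as root.
SAMPLE_SHADOW='deploy:!:16290:0:99999:7:::
locked:!$6$SALT$HASH:16290:0:99999:7:::
expired:$6$SALT$HASH:16290:0:99999:7::1:
alice:$6$SALT$HASH:16290:0:99999:7:::'

# Constructed sshd_config fragments: one with sshd's own account checks, one delegating to PAM.
CONF_NOPAM='PubkeyAuthentication yes
UsePAM no'
CONF_PAM='PubkeyAuthentication yes
UsePAM yes'

# shadow_state USER: classify field 2 (password) and field 8 (expiry, days since 1970-01-01).
shadow_state() {
  printf '%s\n' "$SAMPLE_SHADOW" |
  awk -F: -v u="$1" -v today="$(( $(date +%s) / 86400 ))" '
    $1 == u {
      found = 1
      if ($8 != "" && $8 + 0 <= today + 0) print "account-expired"   # usermod --expiredate 1
      else if (substr($2, 1, 1) == "!")    print "password-locked"   # passwd -l, or never set
      else                                 print "active"
    }
    END { if (!found) print "unknown-user" }'
}

# use_pam CONFIG_TEXT: effective UsePAM value; OpenSSH treats an unset UsePAM as "no".
use_pam() {
  printf '%s\n' "$1" |
  awk 'tolower($1) == "usepam" { print tolower($2); seen = 1; exit }
       END { if (!seen) print "no" }'
}

# key_login USER CONFIG_TEXT: would public-key login pass the account check?
key_login() {
  case "$(shadow_state "$1"):$(use_pam "$2")" in
    active:*)            echo allow ;;
    password-locked:yes) echo allow ;;  # assumption: stock pam_unix account stack ignores "!"
    password-locked:no)  echo deny  ;;  # sshd logs "not allowed because account is locked"
    *)                   echo deny  ;;  # expired or unknown user
  esac
}

for u in deploy locked expired alice; do
  printf '%-8s %-16s UsePAM=no:%s UsePAM=yes:%s\n' "$u" "$(shadow_state "$u")" \
    "$(key_login "$u" "$CONF_NOPAM")" "$(key_login "$u" "$CONF_PAM")"
done
```

On a real host, compare the result with the UsePAM line in /etc/ssh/sshd_config and the second field of the user's entry in /etc/shadow.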