sean finney on Sat, 23 Nov 2002 19:26:20 -0500



Re: [PLUG] ssh question


On Sat, Nov 23, 2002 at 03:52:49PM -0500, gabriel rosenkoetter wrote:
> He wanted to specify it on the server side, not the user side, and
> for a subset of his users, not all of them.

ah.  my bad.  well by default it tries pubkey authentication before
password authentication, so if they have valid keys then they won't
get prompted anyway :)

> Only way is the gold star club (or anything that isn't a valid SHA1
> or md5 hash) in /etc/shadow (or wherever your shared secret password
> file lives). Looks like each Linux distro uses a different
> passwd(1), none of the overtly GNU (at least, Red Hat's and Debian's
> are different), and all that POSIX specifies about -l (if memory
> serves) is that it lock the account. I'm fairly sure that Red Hat's
> replaces the existing password with "!!". I don't know what Debian
> does.

i believe debian prepends an ! to the hash, such that passwd -u will
unlock it and at the same time it's an impossible hash.

> Having sections specific to users in sshd_config, like we have
> sections specific to hosts in ssh_config would be nice. Hell, having
> sections specific to local interfaces in sshd_config would be nice;

yeah, and having a host specific ability in sshd_config would be
nice too.

--sean
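
Added example, not part of the original message: a small audit of shadow(5)-format lines that separates password fields holding a usable hash from fields that can never match a typed password (a "!"-prefixed hash, "!!", "*", or any other non-hash string, as discussed in the thread). The sample data and the function names are constructed for illustration.

```python
import re

# Constructed sample in shadow(5) layout; not taken from a real system.
SAMPLE = """\
root:$6$c0nstructed$AbCdEfGhIjKlMnOpQrStUv:12000:0:99999:7:::
alice:!$1$c0nstruc$AbCdEfGhIjKlMnOpQrStU.:12000:0:99999:7:::
bob:!!:12000:0:99999:7:::
carol:*:12000:0:99999:7:::
dave::12000:0:99999:7:::
"""

MODULAR = re.compile(r"^\$[0-9a-z]+\$.+$")   # $id$salt$hash (MD5, SHA, ...)
DES = re.compile(r"^[./0-9A-Za-z]{13}$")     # traditional 13-character crypt()

def looks_like_hash(s):
    return bool(MODULAR.match(s) or DES.match(s))

def classify(field):
    """Label one shadow password field."""
    if field == "":
        return "empty"                 # no password set at all
    if field.startswith("!"):
        # A hash kept behind the "!" can be restored by stripping the prefix.
        return "locked-reversible" if looks_like_hash(field.lstrip("!")) else "locked"
    if looks_like_hash(field):
        return "password"
    return "locked"                    # "*" or any string crypt() cannot output

def audit(text):
    """Map each user in shadow-format text to the label of its password field."""
    result = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        result[parts[0]] = classify(parts[1])
    return result

def no_password_match(text):
    """Users whose field can never match a typed password."""
    return sorted(u for u, label in audit(text).items() if label.startswith("locked"))

if __name__ == "__main__":
    for user, label in audit(SAMPLE).items():
        print(f"{user:8} {label}")
```

An "empty" field is reported separately because it is the opposite of a lock and deserves its own review.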
