Public bug reported:
Disabling/locking a user account will not prevent a user from logging into your server remotely if they have previously set up public key authentication. A workaround is to restrict access to a sshlogin group and parallely maintaining it, https://help.ubuntu.com/9.10/serverguide/C/user-management.html however sshd should always check if user has not been locked (PAM). ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- public key authentication grants access even for locked accounts https://bugs.launchpad.net/bugs/496008 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
