adduser --disabled-login still allows for SSH RSA keys login
Bug #1180553 reported by
Rodney Beede
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
adduser (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
adduser --disabled-login --gecos "" --shell /bin/bash testuser
I am not prompted for a password as expect, but if I create a .ssh/authorized
I should not be able to login at all.
Ubuntu 13.04 64-bit Server edition.
The fix would be to also set the account to be immediately expired in the same manner as doing "usermod --expiredate 1" does in addition to marking the password disabled.
If this fix cannot be done then the man page for adduser should be updated to warn about this.
To post a comment you must log in.
Corrected package