What actually IS the functionality of the “lock user†function on Ubuntu Landscape?
Clash Royale CLAN TAG#URR8PPP up vote
0
down vote
favorite
I'm testing out Ubuntu Landscape, but the only client I have available to me is only accessible via SSH. I've tried locking the user on it as described in the documentation, but when that's finished I can still SSH into the user just fine. I noticed the sudo command doesn't work on the "locked" user, however.
My questions are, what is the scope on the Landscape user lock, what does it look like when a locked user tries to log in, and is there a way to make it so that the lock targets SSH as well besides simply disabling SSH?
ssh juju landscape
asked May 24 at 21:14
DrChong
32
add a comment |Â
up vote
0
down vote
favorite
I'm testing out Ubuntu Landscape, but the only client I have available to me is only accessible via SSH. I've tried locking the user on it as described in the documentation, but when that's finished I can still SSH into the user just fine. I noticed the sudo command doesn't work on the "locked" user, however.
My questions are, what is the scope on the Landscape user lock, what does it look like when a locked user tries to log in, and is there a way to make it so that the lock targets SSH as well besides simply disabling SSH?
ssh juju landscape
asked May 24 at 21:14
DrChong
32
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm testing out Ubuntu Landscape, but the only client I have available to me is only accessible via SSH. I've tried locking the user on it as described in the documentation, but when that's finished I can still SSH into the user just fine. I noticed the sudo command doesn't work on the "locked" user, however.
My questions are, what is the scope on the Landscape user lock, what does it look like when a locked user tries to log in, and is there a way to make it so that the lock targets SSH as well besides simply disabling SSH?
ssh juju landscape
asked May 24 at 21:14
DrChong
32
I'm testing out Ubuntu Landscape, but the only client I have available to me is only accessible via SSH. I've tried locking the user on it as described in the documentation, but when that's finished I can still SSH into the user just fine. I noticed the sudo command doesn't work on the "locked" user, however.
My questions are, what is the scope on the Landscape user lock, what does it look like when a locked user tries to log in, and is there a way to make it so that the lock targets SSH as well besides simply disabling SSH?
ssh juju landscape
asked May 24 at 21:14
DrChong
32
asked May 24 at 21:14
DrChong
32
asked May 24 at 21:14
DrChong
32
asked May 24 at 21:14
DrChong
32
32
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
There is actually nothing specific to landscape there.
In short, locked account are users for which the password entry starts with a "!", thus disabling password access (see man passwd on your system for more details). It generally doesn't look different from a failed password attempt.
ssh may still allow key based authentication for locked users depending on its configuration. UsePAM yes is known to have that effect, and is enabled by default on Ubuntu.
Here are a couple ways you can achieve user locking:
- set
UsePAM noin sshd_config - disable PubkeyAuthentication
- not use locking mechanism but rather set expiration date on the user
- set the shell of the user to
/usr/sbin/nologin - there are probably other settings related to PAM you can use, but I'm not familiar enough with them
answered May 26 at 14:31
simpoir
1964
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
There is actually nothing specific to landscape there.
In short, locked account are users for which the password entry starts with a "!", thus disabling password access (see man passwd on your system for more details). It generally doesn't look different from a failed password attempt.
ssh may still allow key based authentication for locked users depending on its configuration. UsePAM yes is known to have that effect, and is enabled by default on Ubuntu.
Here are a couple ways you can achieve user locking:
- set
UsePAM noin sshd_config - disable PubkeyAuthentication
- not use locking mechanism but rather set expiration date on the user
- set the shell of the user to
/usr/sbin/nologin - there are probably other settings related to PAM you can use, but I'm not familiar enough with them
answered May 26 at 14:31
simpoir
1964
add a comment |Â
up vote
0
down vote
accepted
There is actually nothing specific to landscape there.
In short, locked account are users for which the password entry starts with a "!", thus disabling password access (see man passwd on your system for more details). It generally doesn't look different from a failed password attempt.
ssh may still allow key based authentication for locked users depending on its configuration. UsePAM yes is known to have that effect, and is enabled by default on Ubuntu.
Here are a couple ways you can achieve user locking:
- set
UsePAM noin sshd_config - disable PubkeyAuthentication
- not use locking mechanism but rather set expiration date on the user
- set the shell of the user to
/usr/sbin/nologin - there are probably other settings related to PAM you can use, but I'm not familiar enough with them
answered May 26 at 14:31
simpoir
1964
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
There is actually nothing specific to landscape there.
In short, locked account are users for which the password entry starts with a "!", thus disabling password access (see man passwd on your system for more details). It generally doesn't look different from a failed password attempt.
ssh may still allow key based authentication for locked users depending on its configuration. UsePAM yes is known to have that effect, and is enabled by default on Ubuntu.
Here are a couple ways you can achieve user locking:
- set
UsePAM noin sshd_config - disable PubkeyAuthentication
- not use locking mechanism but rather set expiration date on the user
- set the shell of the user to
/usr/sbin/nologin - there are probably other settings related to PAM you can use, but I'm not familiar enough with them
answered May 26 at 14:31
simpoir
1964
There is actually nothing specific to landscape there.
In short, locked account are users for which the password entry starts with a "!", thus disabling password access (see man passwd on your system for more details). It generally doesn't look different from a failed password attempt.
ssh may still allow key based authentication for locked users depending on its configuration. UsePAM yes is known to have that effect, and is enabled by default on Ubuntu.
Here are a couple ways you can achieve user locking:
- set
UsePAM noin sshd_config - disable PubkeyAuthentication
- not use locking mechanism but rather set expiration date on the user
- set the shell of the user to
/usr/sbin/nologin - there are probably other settings related to PAM you can use, but I'm not familiar enough with them
answered May 26 at 14:31
simpoir
1964
answered May 26 at 14:31
simpoir
1964
answered May 26 at 14:31
simpoir
1964
answered May 26 at 14:31
simpoir
1964
1964
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1039989%2fwhat-actually-is-the-functionality-of-the-lock-user-function-on-ubuntu-landsca%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password