如果我使用带公钥的 SSH，是否会受到我的用户帐户密码过期的影响？

Question 1

是的，您仍然可以连接。

来源：https://unix.stackexchange.com/questions/6095/what-happens-when-your-password-expires-and-youre-using-key-authentication

Answer

是的，您仍然可以连接。

来源：https://unix.stackexchange.com/questions/6095/what-happens-when-your-password-expires-and-youre-using-key-authentication

Question 2

是的，您可以“连接”，但您需要更改密码，至少在 Ubuntu 发行版上是这样。某些服务器的行为会有所不同。

debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/testsftpuser/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 656 bytes for a total of 1799
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open

在您的密码更改之前，不会授予您访问权限：

You are required to change your password immediately (password aged)
Linux devftp01 2.6.66-38-server #43-Ubuntu SMP Thu Sep 16 16:05:42 UTC 2010 x86_64     GNU/Linux
Ubuntu 12.04.4 LTS
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for testsftpuser.
(current) UNIX password:

Answer

是的，您可以“连接”，但您需要更改密码，至少在 Ubuntu 发行版上是这样。某些服务器的行为会有所不同。

debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/testsftpuser/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 656 bytes for a total of 1799
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open

在您的密码更改之前，不会授予您访问权限：

You are required to change your password immediately (password aged)
Linux devftp01 2.6.66-38-server #43-Ubuntu SMP Thu Sep 16 16:05:42 UTC 2010 x86_64     GNU/Linux
Ubuntu 12.04.4 LTS
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for testsftpuser.
(current) UNIX password:

Question 3

当密码被锁定或过期时，root 会在密码前放置一个 ! 符号，当用户尝试登录时。其散列提供的密码与其密码不匹配，因为密码前的 ! 不匹配。
解锁时，root 用户会删除密码前的 ! 符号，以便密码条目匹配且用户能够登录。

现在考虑你的情况。

用户已被锁定或已过期
用户尝试使用终端登录，但由于提供的密码与密码数据库不匹配而被阻止。
当他尝试使用 ssh-keys 登录时，它会记录它。

<snip>
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: [email protected]
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 528 bytes for a total of 1637
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/atolani/.ssh/identity
debug3: no such identity: /home/atolani/.ssh/identity
debug1: Trying private key: /home/atolani/.ssh/id_rsa
debug3: no such identity: /home/atolani/.ssh/id_rsa
debug1: Trying private key: /home/atolani/.ssh/id_dsa
debug3: no such identity: /home/atolani/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
</snip>

给出的是 ssh 登录的详细输出。

由此我们可以看出，ssh 登录最初尝试检查身份私钥，当上述情况不可用时，转到交互式密码。这表明，在使用 ssh-keys 登录时，用户不会检查密码，因此无法检查密码是否被锁定。

所以是的，如果您的密码已过期或被锁定，您将能够登录（如果配置了密码密钥）。

Answer

当密码被锁定或过期时，root 会在密码前放置一个 ! 符号，当用户尝试登录时。其散列提供的密码与其密码不匹配，因为密码前的 ! 不匹配。
解锁时，root 用户会删除密码前的 ! 符号，以便密码条目匹配且用户能够登录。

现在考虑你的情况。

用户已被锁定或已过期
用户尝试使用终端登录，但由于提供的密码与密码数据库不匹配而被阻止。
当他尝试使用 ssh-keys 登录时，它会记录它。

<snip>
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: [email protected]
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 528 bytes for a total of 1637
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/atolani/.ssh/identity
debug3: no such identity: /home/atolani/.ssh/identity
debug1: Trying private key: /home/atolani/.ssh/id_rsa
debug3: no such identity: /home/atolani/.ssh/id_rsa
debug1: Trying private key: /home/atolani/.ssh/id_dsa
debug3: no such identity: /home/atolani/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
</snip>

给出的是 ssh 登录的详细输出。

由此我们可以看出，ssh 登录最初尝试检查身份私钥，当上述情况不可用时，转到交互式密码。这表明，在使用 ssh-keys 登录时，用户不会检查密码，因此无法检查密码是否被锁定。

所以是的，如果您的密码已过期或被锁定，您将能够登录（如果配置了密码密钥）。

如果我使用带公钥的 SSH，是否会受到我的用户帐户密码过期的影响？

答案1

答案2

答案3

相关内容