如果我使用带公钥的 SSH,是否会受到我的用户帐户密码过期的影响?

如果我使用带公钥的 SSH,是否会受到我的用户帐户密码过期的影响?

因此,如果我使用带有公钥/私钥的 SSH 连接到 Unix 计算机,并且该计算机上的用户帐户密码已过期,我还能连接吗?

答案1

答案2

是的,您可以“连接”,但您需要更改密码,至少在 Ubuntu 发行版上是这样。某些服务器的行为会有所不同。

debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/testsftpuser/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 656 bytes for a total of 1799
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open

在您的密码更改之前,不会授予您访问权限:

You are required to change your password immediately (password aged)
Linux devftp01 2.6.66-38-server #43-Ubuntu SMP Thu Sep 16 16:05:42 UTC 2010 x86_64     GNU/Linux
Ubuntu 12.04.4 LTS
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for testsftpuser.
(current) UNIX password:

答案3

  1. 当密码被锁定或过期时,root 会在密码前放置一个 ! 符号,当用户尝试登录时。其散列提供的密码与其密码不匹配,因为密码前的 ! 不匹配。

  2. 解锁时,root 用户会删除密码前的 ! 符号,以便密码条目匹配且用户能够登录。

现在考虑你的情况。

  • 用户已被锁定或已过期
  • 用户尝试使用终端登录,但由于提供的密码与密码数据库不匹配而被阻止。
  • 当他尝试使用 ssh-keys 登录时,它会记录它。
<snip>
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: [email protected]
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 528 bytes for a total of 1637
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/atolani/.ssh/identity
debug3: no such identity: /home/atolani/.ssh/identity
debug1: Trying private key: /home/atolani/.ssh/id_rsa
debug3: no such identity: /home/atolani/.ssh/id_rsa
debug1: Trying private key: /home/atolani/.ssh/id_dsa
debug3: no such identity: /home/atolani/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
</snip>

给出的是 ssh 登录的详细输出。

由此我们可以看出,ssh 登录最初尝试检查身份私钥,当上述情况不可用时,转到交互式密码。这表明,在使用 ssh-keys 登录时,用户不会检查密码,因此无法检查密码是否被锁定。

所以是的,如果您的密码已过期或被锁定,您将能够登录(如果配置了密码密钥)。

相关内容