因此,如果我使用带有公钥/私钥的 SSH 连接到 Unix 计算机,并且该计算机上的用户帐户密码已过期,我还能连接吗?
答案1
答案2
是的,您可以“连接”,但您需要更改密码,至少在 Ubuntu 发行版上是这样。某些服务器的行为会有所不同。
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/testsftpuser/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 656 bytes for a total of 1799
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
在您的密码更改之前,不会授予您访问权限:
You are required to change your password immediately (password aged)
Linux devftp01 2.6.66-38-server #43-Ubuntu SMP Thu Sep 16 16:05:42 UTC 2010 x86_64 GNU/Linux
Ubuntu 12.04.4 LTS
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for testsftpuser.
(current) UNIX password:
答案3
当密码被锁定或过期时,root 会在密码前放置一个 ! 符号,当用户尝试登录时。其散列提供的密码与其密码不匹配,因为密码前的 ! 不匹配。
解锁时,root 用户会删除密码前的 ! 符号,以便密码条目匹配且用户能够登录。
现在考虑你的情况。
- 用户已被锁定或已过期
- 用户尝试使用终端登录,但由于提供的密码与密码数据库不匹配而被阻止。
- 当他尝试使用 ssh-keys 登录时,它会记录它。
<snip> debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: [email protected] debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug3: Wrote 528 bytes for a total of 1637 debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Trying private key: /home/atolani/.ssh/identity debug3: no such identity: /home/atolani/.ssh/identity debug1: Trying private key: /home/atolani/.ssh/id_rsa debug3: no such identity: /home/atolani/.ssh/id_rsa debug1: Trying private key: /home/atolani/.ssh/id_dsa debug3: no such identity: /home/atolani/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password </snip>
给出的是 ssh 登录的详细输出。
由此我们可以看出,ssh 登录最初尝试检查身份私钥,当上述情况不可用时,转到交互式密码。这表明,在使用 ssh-keys 登录时,用户不会检查密码,因此无法检查密码是否被锁定。
所以是的,如果您的密码已过期或被锁定,您将能够登录(如果配置了密码密钥)。