sshd permits logon using disabled user?

Corinna Vinschen corinna-cygwin@cygwin.com
Thu Jan 24 15:45:00 GMT 2019


On Jan 24 06:28, Bill Stewart wrote:
> I am running Windows 10 (1803) and experimenting with sshd installed as a
> Windows service.
> 
> The computer is a domain member. I created a local computer account for
> testing.
> 
> I created host keys and a public/private key pair to use to log on the user.
> 
> This works, except I notice that if I disable the Windows user account, I
> can still log on using ssh using that account.
> 
> In the shell, logged on as the disabled user, the 'whoami' command returns
> the name of the disabled user.
> 
> This seems unexpected and not good.
> 
> Why does sshd allow logon for a disabled user?

Because the underlying Cygwin function responsible for changing the user
account only checks if the account exists.  It does not check for any of
the flags in the user DB.  Yet.

I pushed a patch to disallow changing the user account to a disabled or
locked out account.

I just uploaded new developer snapshots containing this change to
https://cygwin.com/snapshots/

Please give them a try.


Thanks,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
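As an added example (not code from the thread, Cygwin or OpenSSH), the following PowerShell shows the account-status flags that the report above is about: the "flags in the user DB" that the user-switching code was not consulting. Reading them lets an administrator confirm from the Windows side what sshd ought to see before and after trying the snapshot. It assumes a local account name passed as a parameter (the `ADS_UF_ACCOUNTDISABLE` and `ADS_UF_LOCKOUT` bit values are the documented Windows constants; the ADSI WinNT provider and `Get-LocalUser` are standard on Windows 10).

```powershell
# Added example, not part of the original mailing-list post.
# Reports whether a local Windows account exists and whether its
# UserFlags carry the disabled or locked-out bits, i.e. the checks
# a logon path should make beyond "does the account exist".

# Bit values from the Windows ADS_USER_FLAG_ENUM (documented constants).
$ADS_UF_ACCOUNTDISABLE = 0x0002
$ADS_UF_LOCKOUT        = 0x0010

function Get-LocalLogonEligibility {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserName,
        # '.' binds to the local SAM; this example is for local accounts only.
        [string] $ComputerName = '.'
    )

    # Bind through the WinNT provider to read the raw UserFlags field.
    $adsiUser = [ADSI]"WinNT://$ComputerName/$UserName,user"
    try {
        $flags = [int] $adsiUser.UserFlags.Value
    } catch {
        # The provider only fails when a property is touched, so a missing
        # account surfaces here rather than at bind time.
        return [pscustomobject]@{
            UserName = $UserName; Exists = $false
            Disabled = $null; LockedOut = $null; LogonShouldBeAllowed = $false
        }
    }

    $disabled  = ($flags -band $ADS_UF_ACCOUNTDISABLE) -ne 0
    $lockedOut = ($flags -band $ADS_UF_LOCKOUT) -ne 0

    # Cross-check the disabled bit against the LocalAccounts module view.
    $enabledView = (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue).Enabled
    if ($null -ne $enabledView -and $enabledView -eq $disabled) {
        Write-Warning "UserFlags and Get-LocalUser disagree for '$UserName'"
    }

    [pscustomobject]@{
        UserName             = $UserName
        Exists               = $true
        Disabled             = $disabled
        LockedOut            = $lockedOut
        # The condition a logon path should enforce: present, not disabled,
        # not locked out. Existence alone is not enough.
        LogonShouldBeAllowed = -not ($disabled -or $lockedOut)
    }
}

# Survey every local account and list those a service should refuse to
# switch to, which is the set the unpatched behaviour let through.
function Get-LocalAccountsLogonShouldRefuse {
    Get-LocalUser | ForEach-Object { Get-LocalLogonEligibility -UserName $_.Name } |
        Where-Object { -not $_.LogonShouldBeAllowed }
}

# Usage (hypothetical test account name 'sshtest'):
#   Disable-LocalUser -Name 'sshtest'
#   Get-LocalLogonEligibility -UserName 'sshtest'
#   Get-LocalAccountsLogonShouldRefuse
```

Run the first call after disabling the test account to confirm `Disabled` is `True` on the Windows side, then attempt the key-based ssh logon as that user: with the behaviour Bill describes the session still opens, and with the snapshot Corinna points to the logon should be refused. The survey function is a quick way to list every local account that falls into the disabled or locked-out category so that none is overlooked when retesting.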