Password expires for service account that uses SSH keys
Have a service account that has SSH keys generated for it.
It was having an issue trying to log in and once I unlocked the account and changed the password, it can log in now ok.
I couldn't find anything in Red Hat documentation showing this or talking about this. I looked online and this must be a Red Hat security feature as there are other Linux distros that allow for an account to sign in via SSH keys, even if the account is locked.
thanks
Responses
Does "sudo chage -l SERVICE_ACCOUNT" show any account expiry date? That's the main way I know of to invalidate SSH logins, regardless of whether or not a password is locked.
Guru
Community Member
3711 points
Dunno: I came to RHEL-usage from a Solaris/IRIX/AIX/HPUX background. If you tried to SSH to an account that was set as locked, key-based SSH logins were refused as a matter of course. So, coming to RHEL, this wasn't a change.
For centralized services that required key-based access to run, we always just set ridiculously-long, random passwords to secure the service accounts (and disabled all but key-based logins).
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.