SSH won't let me log in because the account is locked. I want to unlock the user on my server for public key authorization over ssh, but not enable password login.
I've tried:
# passwd -u username
passwd: unlocking the password would result in a passwordless account.
You should set a password with usermod -p to unlock the password of this account.
Auth log entries:
Mar 28 00:00:00 vm11111 sshd[11111]: User username not allowed because account is locked
Mar 28 00:00:00 vm11111 sshd[11111]: input_userauth_request: invalid user username [preauth]
Best Answer
Unlock the account and give the user a complex password as @Skaperen suggests.
Edit /etc/ssh/sshd_config and ensure you have:
Check that the line isn't commented (# at the start) and save the file. Finally, restart the sshd service.
Before you do this, ensure that your public key authentication is working first.
If you need to do this for only one (or a small number) of users, leave PasswordAuthentication enabled and instead use Match User:
Place at the bottom of the file as it is valid until the next Match command or EOF.
You can also use Match Group <group name> or a negation Match User !bloggs
As you mention in the comments, you can also reverse it so that Password Authentication is disabled in the main part of the config and use Match statements to enable it for a few users:
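To make the scoping of Match blocks concrete, here is a simplified model of how a keyword such as PasswordAuthentication resolves for one user. It is an added example, not part of the original answer and not OpenSSH's code. The sample config is constructed, the names `effective` and `user_matches` are hypothetical, and only `Match User` is modelled (any other criterion is treated as not matching).

```python
import fnmatch

# Constructed sample sshd_config (not from the original post): password login
# stays on globally and is switched off for one user in a trailing Match block.
SAMPLE = """\
PubkeyAuthentication yes
PasswordAuthentication yes
#PasswordAuthentication no

Match User bloggs
    PasswordAuthentication no
Match User *,!admin
    X11Forwarding no
"""

def user_matches(user, pattern_list):
    """OpenSSH pattern-list rule: a negated hit vetoes the match, and at least
    one positive pattern must match (a lone '!name' never matches anyone)."""
    positive = False
    for pat in pattern_list.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(user, pat):  # sshd patterns use only * and ?
            positive = True
    return positive

def effective(config_text, user, keyword):
    """Return the value of `keyword` that applies to `user`, or None if unset."""
    global_val = match_val = None
    in_match = False
    active = True  # True in the global section or inside a matching block
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out lines have no effect
        parts = line.split(None, 1)
        key, arg = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":  # a block lasts until the next Match line or EOF
            in_match = True
            crit, _, pats = arg.partition(" ")
            active = crit.lower() == "user" and user_matches(user, pats.strip())
        elif key == keyword.lower() and active:
            if in_match and match_val is None:
                match_val = arg   # first matching block wins
            elif not in_match and global_val is None:
                global_val = arg  # first global occurrence wins
    return match_val if match_val is not None else global_val
```

On a real server, sshd's extended test mode (`sshd -T` with a `-C user=...` connection spec) reports the settings sshd itself computes for that user. Depending on the OpenSSH version, `-C` may also need `host=` and `addr=`.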