X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=iWXBmG0JnhHKnQd5pXjMOX+ipRTXU
	SHdrfsiAB5r21VM72oQWV9sUZjsGvbpa49PHMT0DL8ezqVa7qL+V1d3zv4APJPK7
	imn3mgSg5H4owWmnpE9bablEMHb6mpU0PvnSe4ptd9CUHwntKevCzwA+Cu0L3QJS
	F8lftpMKPpao8c=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; s=default; bh=P5P1dee2tux7ItnRkjmrKmbhsWY=; b=Xhx
	iQCrPleOj7QhenSI6UPFJLrxGox2dCun58CsfFo9KQfrUwzj4ZCMjWW1M1XwXfO0
	jqfKvvvV4NHNsevTI/M/xwvgcnHN9rsG6AhjhDB3KimKUEa0S6huescf5foFeC3y
	qVNoafjE4K9/15NXAnxTkVD1dFKKEVyyJSf7Rwm0=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=logon, H*c:alternative
X-HELO: mout.gmx.com
X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79
MIME-Version: 1.0
From: Bill Stewart <bstewart@iname.com>
Date: Thu, 24 Jan 2019 06:28:11 -0700
Message-ID: <CANV9t=SSyof86c5Yz3tNhwj4To=eKnrmveQcr59ZmMY-X9_txA@mail.gmail.com>
Subject: sshd permits logon using disabled user?
To: cygwin@cygwin.com
Content-Type: text/plain; charset="UTF-8"

I am running Windows 10 (1803) and experimenting with sshd installed as a
Windows service.

The computer is a domain member. I created a local computer account for
testing.

I created host keys and a public/private key pair to use to log on the user.

This works, except I notice that if I disable the Windows user account, I
can still log on using ssh using that account.

In the shell, logged on as the disabled user, the 'whoami' command returns
the name of the disabled user.

This seems unexpected and not good.

Why does sshd allow logon for a disabled user?

Thanks

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple