X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=pZP19eHTE4ieAsEL
	NlErpDmdn47ERKm/cCkp6C9F+9FROdryO/e89nBea809sW1uoEboIVgpN08TUeQH
	tQ6x/Nuyq6Yb7wXppGqxOYtSKb3NcCIu8hxc5NlTAFIa3KLda7y+NaDTKtsxrWZp
	MLQfxFGjXHK3KWUGG/uS/VpYeeU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=03SkhNx+s7eoSFqdREwtEA
	oseYs=; b=AcnslkTVbV36PW1XWhbZCVMX+h1Px39EXQ+d4db6vyYR3+femyzOrh
	loEYUsGyrnIevOUG81LkkKrL9vPHgU+GigblHZ61ZxfJT3RsFS+fqEPLuJzSCPTi
	M17ja7PKdsGs18ZjbyZOERGwsKFPhyK1flKMlbnir7wz5RupolWUs=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: =?ISO-8859-1?Q?No, score=-0.9 required=5.0 tests=BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=no version=3.3.2 spammy=8:t, 8:un, 8:ha, 8:=c3=a4?=
X-HELO: mout.kundenserver.de
Subject: Re: sshd permits logon using disabled user?
To: cygwin@cygwin.com
References: <CANV9t=SSyof86c5Yz3tNhwj4To=eKnrmveQcr59ZmMY-X9_txA@mail.gmail.com> <20190124154533.GK2802@calimero.vinschen.de> <CANV9t=RtGmpkogw0J7oCME+f4GNkeWo=QSJZFA_jOqyBxPLLdw@mail.gmail.com> <1b1ba104-977f-7297-6d8e-1b456acae305@baur-itcs.de> <CANV9t=RKcVJX8=NuenDaHDq79CMkT--yerjEZwiPtk+5DtxOBQ@mail.gmail.com> <CAHSx_Su2bB-5cPRkDqGXEpPwmfP_h_=zryDRt9pK0kr5uGDCcg@mail.gmail.com>
From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
Openpgp: preference=signencrypt
Message-ID: <21194e48-05e9-ed99-2cdc-7b27d00c610e@baur-itcs.de>
Date: Thu, 24 Jan 2019 20:22:05 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <CAHSx_Su2bB-5cPRkDqGXEpPwmfP_h_=zryDRt9pK0kr5uGDCcg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-IsSubscribed: yes

Am 24.01.19 um 20:17 schrieb Wayne Davison:
>> I don't think Windows natively supports password-free logons using only key
>> files (but I might be wrong about that).
> Don't forget that sshd_config fully supports disabling passwords.  You
> can turn a password off for a single user via:
> 
> Match User foobar
>     PasswordAuthentication no
> 
> Or set the "PasswordAuthentication no" as the default for all users.

Yes, but that will still allow the user to log in with their password
when they have access to the local screen and keyboard, or the machine
is reachable via RDP or CIFS, for example.

Kind Regards,
Stefan Baur

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple