X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=iWXBmG0JnhHKnQd5pXjMOX+ipRTXU
	SHdrfsiAB5r21VM72oQWV9sUZjsGvbpa49PHMT0DL8ezqVa7qL+V1d3zv4APJPK7
	imn3mgSg5H4owWmnpE9bablEMHb6mpU0PvnSe4ptd9CUHwntKevCzwA+Cu0L3QJS
	F8lftpMKPpao8c=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; s=default; bh=P5P1dee2tux7ItnRkjmrKmbhsWY=; b=Xhx
	iQCrPleOj7QhenSI6UPFJLrxGox2dCun58CsfFo9KQfrUwzj4ZCMjWW1M1XwXfO0
	jqfKvvvV4NHNsevTI/M/xwvgcnHN9rsG6AhjhDB3KimKUEa0S6huescf5foFeC3y
	qVNoafjE4K9/15NXAnxTkVD1dFKKEVyyJSf7Rwm0=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=logon, H*c:alternative
X-HELO: mout.gmx.com
X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79
MIME-Version: 1.0
From: Bill Stewart <bstewart AT iname DOT com>
Date: Thu, 24 Jan 2019 06:28:11 -0700
Message-ID: <CANV9t=SSyof86c5Yz3tNhwj4To=eKnrmveQcr59ZmMY-X9_txA@mail.gmail.com>
Subject: sshd permits logon using disabled user?
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset="UTF-8"

I am running Windows 10 (1803) and experimenting with sshd installed as a
Windows service.

The computer is a domain member. I created a local computer account for
testing.

I created host keys and a public/private key pair to use to log on the user.

This works, except I notice that if I disable the Windows user account, I
can still log on using ssh using that account.

In the shell, logged on as the disabled user, the 'whoami' command returns
the name of the disabled user.

This seems unexpected and not good.

Why does sshd allow logon for a disabled user?

Thanks

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple