[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh

On Mon, Nov 19, 2018 at 12:12:50PM -0500, Michael Stone wrote:

On Mon, Nov 19, 2018 at 09:43:29AM -0500, Jim Popovitch wrote:

On Mon, 2018-11-19 at 08:38 -0500, Michael Stone wrote:

On Mon, Nov 19, 2018 at 08:32:09AM -0500, Greg Wooledge wrote:

If you're only going to login to the account using ssh keys, you
don't need to give it a valid password hash at all.  Just put a
string of rubbish (English words qualify) in the hash field of
/etc/shadow.


Don't do that. Just use a *.


Something that's always bugged me... is there any difference between
using * or ! (both are valid)?


! locks the account, * is a convention that means "no password".
I should clarify that a bit: a ! locked account can't be used at all (assuming that all login methods respect that convention) whereas the * account can't use password authentication but may be able to use other mechanisms like ssh keys. A completely blank field indicates an empty password.
Reply to: