[clug] Why is my SSH port forwarding failing all of a sudden?
Tony Lewis
tony at lewistribe.com
Wed Feb 3 09:53:00 UTC 2016
On 03/02/16 20:40, Tony Lewis wrote:
> I cannot figure it out but will keep an eye on it to see if it
> misbehaves again. It's probably me, but I just cannot figure out what
> I broke and how I fixed it.
Oh. Found it.
The client authenticates as user tunnel on the tunnel server using a
public key. Somewhere along the way, adding a new user, I had reset the
password, with the intent of locking it afterwards ("passwd -l
tunnel"). I expired it instead ("passwd -e tunnel"). The PKI
authentication worked, or at least appeared to work, as the account is
configured to not give a shell and only tunnel ports.
But that's the difference. An expired password, which is where the
login progam won't let you log in without setting a new password, locks
at least tunnelling, and probably locks any session itself. Setting the
password to something dumb and then locking the account has fixed the
problem.
So, again, thanks for the input.
Tony
More information about the linux
mailing list