[clug] Why is my SSH port forwarding failing all of a sudden?

Bob Edwards bob at cs.anu.edu.au
Wed Feb 3 22:39:14 UTC 2016

On 03/02/16 22:56, Chris Smart wrote:
> On 03/02/16 20:53, Tony Lewis wrote:
>> On 03/02/16 20:40, Tony Lewis wrote:
>>> I cannot figure it out but will keep an eye on it to see if it
>>> misbehaves again.  It's probably me, but I just cannot figure out what
>>> I broke and how I fixed it.
>> Oh.  Found it.
>> The client authenticates as user tunnel on the tunnel server using a
>> public key.  Somewhere along the way, adding a new user, I had reset the
>> password, with the intent of locking it afterwards ("passwd -l
>> tunnel").  I expired it instead ("passwd -e tunnel").  The PKI
>> authentication worked, or at least appeared to work, as the account is
>> configured to not give a shell and only tunnel ports.
>> But that's the difference.  An expired password, which is where the
>> login progam won't let you log in without setting a new password, locks
>> at least tunnelling, and probably locks any session itself. Setting the
>> password to something dumb and then locking the account has fixed the
>> problem.
>> So, again, thanks for the input.
> Nice one, glad you found it!
> -c

Not only that - thanks for eating humble pie and sharing the cause of
the problem with the rest of us - I would not have thought to look at
locked accounts with expired passwords as being the problem...


Bob Edwards.

More information about the linux mailing list