[clug] Why is my SSH port forwarding failing all of a sudden?
bob at cs.anu.edu.au
Wed Feb 3 22:39:14 UTC 2016
On 03/02/16 22:56, Chris Smart wrote:
> On 03/02/16 20:53, Tony Lewis wrote:
>> On 03/02/16 20:40, Tony Lewis wrote:
>>> I cannot figure it out but will keep an eye on it to see if it
>>> misbehaves again. It's probably me, but I just cannot figure out what
>>> I broke and how I fixed it.
>> Oh. Found it.
>> The client authenticates as user tunnel on the tunnel server using a
>> public key. Somewhere along the way, adding a new user, I had reset the
>> password, with the intent of locking it afterwards ("passwd -l
>> tunnel"). I expired it instead ("passwd -e tunnel"). The PKI
>> authentication worked, or at least appeared to work, as the account is
>> configured to not give a shell and only tunnel ports.
>> But that's the difference. An expired password, which is where the
>> login progam won't let you log in without setting a new password, locks
>> at least tunnelling, and probably locks any session itself. Setting the
>> password to something dumb and then locking the account has fixed the
>> So, again, thanks for the input.
> Nice one, glad you found it!
Not only that - thanks for eating humble pie and sharing the cause of
the problem with the rest of us - I would not have thought to look at
locked accounts with expired passwords as being the problem...
More information about the linux