openssh bugs - Apr 2015 - [Bug 1696] output an error message when an account is locked

https://bugzilla.mindrot.org/show_bug.cgi?id=1696

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Vincent Lefevre from comment #0)
> So, I think it would be better for the end user if ssh output an
> error message saying that the account is locked instead of asking a
> password. Or would that be a security problem? If yes, even if the
> server checks that the public key is authorized and outputs the
> error message only in this case?
Sorry for the inconvenience but I don't think we're going to change the
behaviour.  It's poor form to leak information to unauthorized users
(and in the case where the account is locked, the user is not
authorized).
> Also, though the sshd(8) man page has a paragraph about locked
> accounts, there's nothing in the ssh(1) man page.
This is behaviour is entirely within sshd, so attempting to document it
in ssh would be incorrect.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.