Web lists-archives.com

Re: ssh




On Mon, Nov 19, 2018 at 12:12:50PM -0500, Michael Stone wrote:
On Mon, Nov 19, 2018 at 09:43:29AM -0500, Jim Popovitch wrote:
On Mon, 2018-11-19 at 08:38 -0500, Michael Stone wrote:
On Mon, Nov 19, 2018 at 08:32:09AM -0500, Greg Wooledge wrote:
If you're only going to login to the account using ssh keys, you
don't need to give it a valid password hash at all.  Just put a
string of rubbish (English words qualify) in the hash field of
/etc/shadow.

Don't do that. Just use a *.

Something that's always bugged me... is there any difference between
using * or ! (both are valid)?

! locks the account, * is a convention that means "no password".

I should clarify that a bit: a ! locked account can't be used at all (assuming that all login methods respect that convention) whereas the * account can't use password authentication but may be able to use other mechanisms like ssh keys. A completely blank field indicates an empty password.