What happens when your password expires and you're using key authentication?
Under default behavior, you will still be able to log in using your ssh key, but the system administrator is free to change this behavior using pam
or other methods. OpenSSH doesn't care about the expiration date on your password if it's not using password authentication, but pam
can be set up to check password expiration even after sshd
has authenticated your key. It could probably even be set up to force you to enter and change your expired password before handing you the shell prompt. For the best answer, ask your sysadmin.
EDIT: For more details on the interaction between SSH and PAM, see this answer.
Related videos on Youtube
xenoterracide
Former Linux System Administrator, now full time Java Software Engineer.
Updated on September 17, 2022Comments
-
xenoterracide over 1 year
on one of the boxes I don't control at work I use
ssh
keys to log in. Our passwords are set to expire after a few months. What happens if I don't reset my password and it expires? will I still be able to login? Does what happens depend on somesshd
setting? or some pam setting? -
xenoterracide over 13 yearsaround here I'm just as likely to get the answer "you're not supposed to be using key auth" as I am "I don't know" I'd never get an actual answer.
-
Jander over 13 yearsIn that case I'd bet the behavior is all default. If you really weren't supposed to be using key auth, then you wouldn't be able to get in that way. ;)
-
xenoterracide over 13 yearsprobably ;) and that's been my opinion when people have said that. I think truthfully what the mean is you aren't supposed be using keyauth with a a passphrase, because too many people do that, instead of like me, who uses
keychain
I can type the password once a day, more than that is nuts.