Saturday, October 13, 2007

[LINUX] Can't log in after useradd

After creating a new user account with the useradd command, I couldn't log in through ssh. Here's a common pitfall to watch out for. Let me discuss it.

I first entered this command as root.

% useradd -gusers -p himitsu -s /bin/bash -d /home/okato -m okato

There was no error. I was able to verify that /home/okato had been created. Thinking that all was well, I proceeded to log in through ssh, but I was rejected.

$ ssh okato@myserver.com
Permission denied

After a bit of experimenting, I discovered that Linux checks on your password choice. If it's an existing word or something weak like that, Linux rejects it. You can see this behavior in the passwd command. However, with useradd, apparently, this check operates in the background and if the check doesn't succeed, the user account is rendered unusable. Since this occurs in the background and there's no feedback to the operator, it misleads the operator into thinking all is well.

LESSON TO BE LEARNED: Always use strong passwords!
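Because the account can look fine and still be unusable, it helps to inspect what actually landed in its password field. The following is an added example, not part of the original post: it classifies one shadow(5)-format line, relying on useradd(8) documenting -p as "the encrypted password, as returned by crypt(3)", so the argument is stored as given. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample lines below are constructed, not from a real system.

# Print the state of the password field (field 2) of one shadow(5) line:
#   hash        looks like crypt(3) output, password login can work
#   locked      starts with '!' or '*', password login disabled
#   empty       no password set
#   not-a-hash  anything else; no typed password will ever match it
classify_shadow_line() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')           echo empty ;;
        '!'*|'*'*)    echo locked ;;
        '$'*'$'*'$'*) echo hash ;;        # modular format: $id$salt$hash
        *)
            # Traditional DES crypt is exactly 13 chars of [./0-9A-Za-z].
            # A 13-char plaintext from that alphabet would also pass, so
            # "hash" means "plausible", not "verified".
            if printf '%s' "$field" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
                echo hash
            else
                echo not-a-hash
            fi ;;
    esac
}

# Constructed samples. The first is what "-p himitsu" leaves behind under the
# assumption stated above (the argument is stored verbatim).
for line in \
    'okato:himitsu:13799:0:99999:7:::' \
    'alice:$6$ConstructedSalt$ConstructedHashValue:13799:0:99999:7:::' \
    'bob:!!:13799:0:99999:7:::'
do
    printf '%s -> %s\n' "${line%%:*}" "$(classify_shadow_line "$line")"
done
```

On a live system, run it as root on the output of `getent shadow okato`.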

Also, you should pay attention to the use of certain symbols that have special meaning on the command line. Symbols like "|", "<", ">" cannot be used as part of the password to be specified on the command line. You may be able to quote the password and get away with it, but I haven't tried it yet.
