gitolite git user asking for password with valid keys

Arnold Roa asked:

My gitolite installation start to ask for password suddendly, I checked the /var/log/secure file and found this.

 sshd[9071]: User git not allowed because account is locked
 sshd[9072]: input_userauth_request: invalid user git

After a quick search i’ve read that the solution is

 sudo passwd -u git

But this gaves this answer:

 Unlocking password for user git.
 passwd: Warning: unlocked password would be empty.
 passwd: Unsafe operation (use -f to force)

I used -f to check and yes, it fixed the issue. But is there a security downside of doing this? I dont want this account to have a password, only use keys authentification.

My answer:

The security downside is that now your git user has no password, and anybody can log in to it without a password (or a key)!

To resolve the problem, the account should not be locked, but should have a password, even if nobody ever uses the password. Set a random password for the account, and make sure the ssh keys are working correctly.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.