[CentOS] Limit user password by time

Mon Nov 4 15:19:52 UTC 2019
Jonathan Billings <billings at negate.org>

On Nov 4, 2019, at 9:20 AM, Leroy Tennison <leroy at datavoiceint.com> wrote:
> chage apparently depends on the shadow file which is day-based.  You might want to be more specific when you say "limit", are you trying to force password changes every 2 hours or force logout every 2 hours or something else?  The reason I ask is you're probably into the "create your own method" arena where exactly what you're trying to do may greatly influence the possibilities.


If you just want to create a really small window where ssh logins will succeed, you can instead use OpenSSH’s CA certificate signing of pubkeys method, with the signature expiring at the very second you want it to expire.

Facebook engineering had a pretty good article about it recently:
https://engineering.fb.com/security/scalable-and-secure-access-with-ssh/

--
Jonathan Billings <billings at negate.org>