Article ID: 119260, created on Dec 23, 2013, last review on Jun 17, 2016

  • Applies to:
  • Virtuozzo containers for Linux 4.6


  1. Migration of a container might fail if properties of the user vzmig are not correct or SSH configuration does not allow to login using locked accounts. The log file /var/log/messages on the source node contains the following error in this case:

    Dec 22 23:28:12 sourcenode sshd[31518]: User vzmig not allowed because account is locked
    Dec 22 23:28:12 sourcenode sshd[31519]: input_userauth_request: invalid user vzmig
    Dec 22 23:28:12 sourcenode sshd[31519]: Connection closed by
    Dec 22 23:28:12 sourcenode sshd[31520]: User vzmig not allowed because account is locked
    Dec 22 23:28:12 sourcenode sshd[31521]: Connection closed by
  2. PAM is not enabled for SSH service, it is commented or set to "no" explicitly:

    ~# grep UsePAM /etc/ssh/sshd_config
    #UsePAM yes


The account vzmig is the special account with the specific shell binary.

~# getent passwd vzmig
~# getent shadow vzmig

The exclamation mark in the beginning of the second field in the output of the last command means that the account is locked.

This account is created as locked to prevent unauthorized connection as this user, and authorization is performed by SSH keys only. The default PAM configuration allows to authenticate as this user with a valid SSH key.


There are few ways to resolve the situation:

  • enable PAM authentication module for SSH server in the configuration file - set UsePAM to "yes" and restart SSH service;
  • unlock the account and set up the strong password.

    ~# usermod -U vzmig
    ~# passwd vzmig

If PAM configuration for SSH service is altered in the file /etc/pam.d/sshd, then you may need to revert some changes back to default to allow this user to login successfully.

See also

Custom configuration for SSH service might cause other error:

  • KB #119161 PVA migration: can not read reply from destination node.

Search Words

User vzmig not allowed because account is locked

e8e50b42231236b82df27684e7ec0beb 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f 36627b12981f68a16405a79233409a5e

Email subscription for changes to this article
Save as PDF