Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Expired password unchangeable with SFTP clients

from [Bob Rasmussen] Network Security [Permanent Link]
Subject: Re: Expired password unchangeable with SFTP clients
Date: Thu, 31 Jan 2008 09:23:31 -0800 (PST) 
On Thu, 31 Jan 2008, Russell Millard Oliver wrote:


I am running Solaris 9, OpenSSH 4.7p1
I am trying to configure SFTP-only users that will not have shell
access.  As referenced in various places, I simply create a user whose
shell is /usr/local/libexec/sftp-server.
 
This works great for our use and I was just about to take it from
development to production when I started building accounts and expiring
the password.  When I try to log on with various different SFTP clients
(putty's sftp client, ssh.com's free client, WinSCP, and even WS_FTP
Pro), if the password is expired, I get authentication failure.  Using
Sun's SSH server, this works fine, but we're moving to OpenSSH.
 
Is there a configuration I don't know about that would allow me to be
able to change an expired password?  Any other suggestions?


Are you allowing keyboard-interactive authentication? In some systems (at 
least) that I have worked with, the sshd deals with an expired password 
by using the keyboard-interactive mechanism to prompt the user for the old 
and then the new password. I don't know whether PuTTY, etc., handle this 
in their SFTP clients. But this might be a clue for you.

Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras@anzio.com
 company e-mail: rsi@anzio.com
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Expired password unchangeable with SFTP clients, Russell Millard Oliver
Next by Date:  Encoding of stdout messages, alan . cline
Previous by Thread:  Expired password unchangeable with SFTP clients, Russell Millard Oliver
Next by Thread:  Encoding of stdout messages, alan . cline
Indexes:  [Date] [Thread] [Top] [All Lists]