Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Expired password unchangeable with SFTP clients

from [Russell Millard Oliver] Network Security [Permanent Link]
Subject: RE: Expired password unchangeable with SFTP clients
Date: Mon, 11 Feb 2008 12:52:53 -0700 
I wanted to follow up on this because I did find the fix and it was (of
course) on the server side.   

In the sshd_config, (on my system, it's in /usr/local/etc), there is now
an option to UsePAM.  By default, this is turned off.  It needs set to
yes and all was fine in the world for me.   Keyboard-interactive was
needed for changing the password, so that bit of information was useful,
thanks.  

WS_FTP Pro was unable to accommodate password changing, however.  I
contacted the company and was told it was a matter of how the expiration
was handled.  They were doing it "correctly" and expiring the password
at one moment, where the Unix system was expiring at a different moment.
Either way, it doesn't work for my situation.  If there is anyone around
that has specific experience with WS_FTP Pro, OpenSSH, and changing
expired passwords, I'd love to hear from you and how you handled it.  I
have users that would really really like to stick with WS_FTP, but
without this level of functionality, I can't recommend it.  

Thanks,
Russ Oliver

-----Original Message-----
From: Bob Rasmussen [mailto:info@plot.uz] 
Sent: Thursday, January 31, 2008 10:24 AM
To: Russell Millard Oliver
Cc: secureshell@securityfocus.com;
secureshell-return-9729@securityfocus.com
Subject: Re: Expired password unchangeable with SFTP clients

On Thu, 31 Jan 2008, Russell Millard Oliver wrote:


I am running Solaris 9, OpenSSH 4.7p1
I am trying to configure SFTP-only users that will not have shell
access.  As referenced in various places, I simply create a user whose
shell is /usr/local/libexec/sftp-server.
 
This works great for our use and I was just about to take it from
development to production when I started building accounts and

expiring

the password.  When I try to log on with various different SFTP

clients

(putty's sftp client, ssh.com's free client, WinSCP, and even WS_FTP
Pro), if the password is expired, I get authentication failure.  Using
Sun's SSH server, this works fine, but we're moving to OpenSSH.
 
Is there a configuration I don't know about that would allow me to be
able to change an expired password?  Any other suggestions?


Are you allowing keyboard-interactive authentication? In some systems
(at 
least) that I have worked with, the sshd deals with an expired password 
by using the keyboard-interactive mechanism to prompt the user for the
old 
and then the new password. I don't know whether PuTTY, etc., handle this

in their SFTP clients. But this might be a clue for you.

Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras@anzio.com
 company e-mail: rsi@anzio.com
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: Expired password unchangeable with SFTP clients, Russell Millard Oliver <=
Previous by Date:  unable to connect to sshd server error 7:The request is not supported, baracudda
Next by Date:  issue with transferring text files from windows to *INX using scp/sftp, Mike Li
Previous by Thread:  unable to connect to sshd server error 7:The request is not supported, baracudda
Next by Thread:  issue with transferring text files from windows to *INX using scp/sftp, Mike Li
Indexes:  [Date] [Thread] [Top] [All Lists]