RE: Expired password unchangeable with SFTP clients
- From: "Russell Millard Oliver" <Tick@xxxxxxxx>
- Date: Mon, 11 Feb 2008 12:52:53 -0700
I wanted to follow up on this because I did find the fix and it was (of
course) on the server side.
In the sshd_config, (on my system, it's in /usr/local/etc), there is now
an option to UsePAM. By default, this is turned off. It needs set to
yes and all was fine in the world for me. Keyboard-interactive was
needed for changing the password, so that bit of information was useful,
WS_FTP Pro was unable to accommodate password changing, however. I
contacted the company and was told it was a matter of how the expiration
was handled. They were doing it "correctly" and expiring the password
at one moment, where the Unix system was expiring at a different moment.
Either way, it doesn't work for my situation. If there is anyone around
that has specific experience with WS_FTP Pro, OpenSSH, and changing
expired passwords, I'd love to hear from you and how you handled it. I
have users that would really really like to stick with WS_FTP, but
without this level of functionality, I can't recommend it.
From: Bob Rasmussen [mailto:info@xxxxxxx]
Sent: Thursday, January 31, 2008 10:24 AM
To: Russell Millard Oliver
Subject: Re: Expired password unchangeable with SFTP clients
On Thu, 31 Jan 2008, Russell Millard Oliver wrote:
I am running Solaris 9, OpenSSH 4.7p1expiring
I am trying to configure SFTP-only users that will not have shell
access. As referenced in various places, I simply create a user whose
shell is /usr/local/libexec/sftp-server.
This works great for our use and I was just about to take it from
development to production when I started building accounts and
the password. When I try to log on with various different SFTPclients
(putty's sftp client, ssh.com's free client, WinSCP, and even WS_FTP
Pro), if the password is expired, I get authentication failure. Using
Sun's SSH server, this works fine, but we're moving to OpenSSH.
Is there a configuration I don't know about that would allow me to be
able to change an expired password? Any other suggestions?
Are you allowing keyboard-interactive authentication? In some systems
least) that I have worked with, the sshd deals with an expired password
by using the keyboard-interactive mechanism to prompt the user for the
and then the new password. I don't know whether PuTTY, etc., handle this
in their SFTP clients. But this might be a clue for you.
....Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras@xxxxxxxxx
company e-mail: rsi@xxxxxxxxx
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
- Prev by Date: unable to connect to sshd server error 7:The request is not supported
- Next by Date: issue with transferring text files from windows to *INX using scp/sftp
- Previous by thread: unable to connect to sshd server error 7:The request is not supported
- Next by thread: issue with transferring text files from windows to *INX using scp/sftp