Re: Solaris 8 SSH Issues.
From: Andrew J Caines (A.J.Caines_at_halplant.com)
Date: 10/20/03
- Previous message: Eric Forgette: "Re: Solaris 8 SSH Issues."
- In reply to: Brown, Rodrick: "Solaris 8 SSH Issues."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 20 Oct 2003 17:19:56 -0400 To: focus-sun@securityfocus.com
Rodrick,
> Speaking of ssh on Solaris I'm running into two issues
> a) Users passwords expiring on them with out them knowing ie. They get
> no warnings most of my servers are Solaris 8 so I'm using OpenSSH.
> b) Users able to login into the system even though their passwords are
> expired because there using ssh-agent/paraphrase
> Anyone can recommended a workaround or solution?
You're missing an important detail, which is that by using ssh with key
based authentication you no longer have the problem which is addressed by
password expiry (ie. local password authentication). In fact having
expiring passwords makes little sense, at least in the case of login
authentication.
Remember that the authority to access the account comes exclusively from
the presence of the public key in authorized-keys. Only the owner of the
corresponding private key(s) can log in. The passphrase is only for the
protection of the private key on the client system(s) and should never
have to be changed.
So, be happy and dump the expiring passwords. In fact, if you don't use
the passwords for anything else, then you can set them to whatever you
like.
-Andrew-
-- _______________________________________________________________________ | -Andrew J. Caines- Unix Systems Engineer A.J.Caines@halplant.com | | "They that can give up essential liberty to obtain a little temporary | | safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |
- Previous message: Eric Forgette: "Re: Solaris 8 SSH Issues."
- In reply to: Brown, Rodrick: "Solaris 8 SSH Issues."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
