Re: ssh and forced password changes



On 2007-08-23, bll991@xxxxxxxxx <bll991@xxxxxxxxx> wrote:
I have a wrapper on my password that prints out directions to my
users. This works with everything other than ssh. When using ssh the
directions do not print out, and the user is dropped right into the
passwd command. What am I doing wrong?

Which SSH implementation and version are you using?

Also, are you using PAM? If so, the SSH daemon will probably use the
pam_chauthtok() function (OpenSSH does, not sure about others). In
that case your wrapper is never invoked, but you can get a similar
effect by adding something like pam_echo to the "password" stack that
sshd uses.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
.



Relevant Pages

  • Re: 5.2p1 no longer sets DISPLAY
    ... client ssh is still 3.9p1 and sshd_config is the same). ... what's happening is that the OS is asked for a list of addresses for localhost and is returning a list that includes the inet6 address, however attempting to bind to it fails. ... Previously sshd would ignore this failure, but that allows third parties to bind to inet6 ports in the X11 forwarding range and potentially hijack X connections. ... Good judgement comes with experience. ...
    (SSH)
  • Re: need rhosts rsa help
    ... >I'm having problems getting RhostsRSAAuthentication working on OpenSSH ... It appears from the client log that it's not even attempting ... Since you're using SSHv1 you need to make the "ssh" binary setuid root ... Good judgement comes with experience. ...
    (comp.security.ssh)
  • Re: sftp problems with 3.9 on HP
    ... >ChallengeResponseAuthentication also set to yes that ssh connects just ... $ ssh -v -s sshserver sftp ... against is not in the system's default library search path (ie ... Good judgement comes with experience. ...
    (comp.security.ssh)
  • Re: SSH Advice
    ... Documentation seems a little scarce so any advice, tips, links, ... but that's still a compatibility layer. ... free native SSH servers for Windows. ... Good judgement comes with experience. ...
    (comp.security.ssh)
  • Re: Restrict account to scp only to user directory.
    ... Although they can't rename anything. ... command over ssh the way it's setup. ... > Good judgement comes with experience. ...
    (comp.security.ssh)