1748112 Members
3530 Online
108758 Solutions
New Discussion юеВ

SSH to expired passwords

 
SOLVED
Go to solution
corkbuster
Occasional Contributor

SSH to expired passwords

Trying to connect to an HP-UX 11.00 server running Secure shell 3.50

When I try to connect via SSH to a server with an expired account name, All I get is a message:
2068: Permission denied, please try again.

This meessage says nothing about a password or account being disabled. Very confusing to the users.

The FDIC a.k.a. Big Brother, make that
'Bigger Brother' has asked us to shut down telnet and ftp in lieu of ssh.

Any ideas? We are currently writing scripts that will parse the /tcb files for upcoming expirations, but would also like to have the server notify the user as in telnet.
3 REPLIES 3
RAC_1
Honored Contributor

Re: SSH to expired passwords

If you are using HP-UX ssh, then I don't think that is possible.

But if you ca nuse openssh and install it after compilation, then you can check error file that is used and modify the messages accordingly.
There is no substitute to HARDWORK
Greg Vaidman
Respected Contributor
Solution

Re: SSH to expired passwords

Not sure if you still care, but you are better off using getprpw(1m) rather than parsing the /tcb structure. one of the benefits of this would be that it automatically converts time information into days, rather than seconds, which is the format that you'll see in /tcb. also, if you parse the files, and the format is not what you expect or changes due to some upgrade or patch, the command should work, but you may have to update your script.
Sridhar Bhaskarla
Honored Contributor

Re: SSH to expired passwords

Hi,

You didn't mention about which version you are running. I mean HP's, some other vendor's or your own compiled version.

I believe HP's version supports password expiry but I haven't played with it.

openssh source code doesn't contain password expiry implementation. A patch has to be installed for the source code and then compile it to make it work. Look at the following URL

http://www.zip.com.au/~dtucker/openssh/

-Sri

You may be disappointed if you fail, but you are doomed if you don't try