HPE Community
Operating System - HP-UX
1820071 Members
2558 Online
109608 Solutions
New Discussion юеВ

Can't change password with ssh

 
SOLVED
Go to solution
Michael_356
Frequent Advisor

тАО09-07-2004 09:41 PM

тАО09-07-2004 09:41 PM

Can't change password with ssh

Hi there,

after 30 days the passwords for the users expires.
If an user login with ssh after 30 days, he will informed about his expired password.
All is normal until this point.
But now, if the user want to change his password, he sees something like:

"Your password has expired.
Choose a new password.
Changing password for user1
Old password:
Sorry.
Login aborted due to no password."

He type in his old password, then -> break!
I don't know, what happens here.
What is the way, the password goes to?
Change the password with telnet or rlogin: no prob, with ssh: see above.
No prob to login within the valid time (30 days), but after this time you can get grey hair.
Any Hints please

Thanks in advance

Michael

Additional info:
HP-UX 11.00, HP-UX_Secure_Shell-A.03.71.000
0 Kudos
15 REPLIES 15
Michael Selvesteen_2
Trusted Contributor

тАО09-07-2004 10:35 PM

тАО09-07-2004 10:35 PM

Re: Can't change password with ssh

Intersting, HP SSH works aright with expired passwords for us.

The problem may be with SSH client, did your users use any commerical client to connect with SSH server?

Some clients may fail for expired passwords as they fail to capture messages from server.

We use putty and it works fine in normal mode
0 Kudos
Muthukumar_5
Honored Contributor

тАО09-07-2004 10:36 PM

тАО09-07-2004 10:36 PM

Re: Can't change password with ssh

when you are asked / try to change to passwd of user ( non root ) login it will ask old passwd to change it to new..

Changing password for user1
Old password:
Sorry.
Login aborted due to no password."
--->
say's that you are asked to change the passwd because of expiry and you did not enter the old passwd exactly...

It is stating Sorry and getting exit there.
IF you do it on telnet too, it will do the same thing. If you forgot the user old passwd then only the super user can make a passwd change on this.

Try to contact your super user admin for this to change your passwd if you don't have root permission.

Regards
Muthu

Easy to suggest when don't know about the problem!
0 Kudos
Michael_356
Frequent Advisor

тАО09-07-2004 10:55 PM

тАО09-07-2004 10:55 PM

Re: Can't change password with ssh

Thanks for the answers

@Michael:
Yes, we use putty too, cute little tool.
what do you mean with "normal mode"?

@Muthu:
this is, what i thought when the first user demonstrated his problem.
But i can reproduce it with my own account.
The initial login is ok.
then the expired-message
followed by the old-pw-question
typing in the (correct!) password
then
break - "due to no password"

Regards

Michael
btw: i am the superuser adim for this machines :-)
0 Kudos
Muthukumar_5
Honored Contributor

тАО09-07-2004 11:33 PM

тАО09-07-2004 11:33 PM

Re: Can't change password with ssh

how you set the password expiry setting there,

Login aborted due to no password means,

The passwd program is invoked, the user is unable to change the
password, and the account requires one.

I hope your expiry setting for the password may be one of the problem. Try to use expiry as,

passwd -f --> to force the user to select passwd (Force user to change password upon next login by
expiring the current password.)

Easy to suggest when don't know about the problem!
0 Kudos
Gary L. Paveza, Jr.
Trusted Contributor

тАО09-07-2004 11:36 PM

тАО09-07-2004 11:36 PM

Re: Can't change password with ssh

I had this exact same problem with A.03.71.00. Upgraded to A.03.81.00 and the problem went away.
0 Kudos
Michael_356
Frequent Advisor

тАО09-08-2004 07:43 PM

тАО09-08-2004 07:43 PM

Re: Can't change password with ssh

Thanks for all your answers.

This isn't a problem of ssh, it is one with passwd.
The user cannot execute passwd, don't know why at this moment.
login process is ok, but after login expiration is detected and the process passwd is executed. There's the problem.

Michael
0 Kudos
Ralph Grothe
Honored Contributor

тАО09-08-2004 08:06 PM

тАО09-08-2004 08:06 PM

Re: Can't change password with ssh

I too believe this has nothing to do with ssh, because once you got logged in there should be no difference to e.g. telnet or remsh.

This may not be your problem, but sometimes the most obsure symptoms pop up when somehow your /etc/passwd got corrupted.
We had such happening on a server that we weren't the only ones who administered a Unix box, and where the other admins tampered with /etc/passwd.
Thus I'd suggest to check your /etc/passwd for integrity.
Our problems occured when we had records with the wrong numbers of fields (owe to the above mentioned fumbling).
A simple check like

$ awk -F: 'NF!=7' /etc/passwd

revealed the culprit in our case.

Madness, thy name is system administration
0 Kudos
vetriselvan s
Advisor

тАО09-08-2004 09:07 PM

тАО09-08-2004 09:07 PM

Re: Can't change password with ssh

HI

http://www.bioinformatics.dundee.ac.uk/BOOKS/NetworkingBookshelf/puis/ch08_06.htm

section 8.6.2 for a description of 'salt' and
how it relates to passwords.
0 Kudos
Michael_356
Frequent Advisor

тАО09-08-2004 09:21 PM

тАО09-08-2004 09:21 PM

Re: Can't change password with ssh

@vetriselvan:
i have no permission to this address

Michael
0 Kudos
vetriselvan s
Advisor

тАО09-08-2004 09:27 PM

тАО09-08-2004 09:27 PM

Re: Can't change password with ssh

Sorry Michael
See this Link

http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm
0 Kudos
Ralph Grothe
Honored Contributor

тАО09-08-2004 10:18 PM

тАО09-08-2004 10:18 PM

Re: Can't change password with ssh

Interesting link for (probably unofficial) online O'Reilly books.
What TLD is ua? Is it the Ukraine?
At least the adbanner offering girls' photos (as far as my cyrillic reading doesn't fool me) seems a bit dubious.
Btw. if you know the password's clear string you can also check the correctnes of the encrypted string by a Perl oneliner call of crypt() (or you write a little C prog)
Madness, thy name is system administration
0 Kudos
Muthukumar_5
Honored Contributor

тАО09-08-2004 10:19 PM

тАО09-08-2004 10:19 PM

Re: Can't change password with ssh

We have to work around to get the problem.

1. can you able to change the passwd of users with super user.

2. Get the passwd status of user1 as,
passwd -s user1

3. Try to get the user account information from sam as,

sam --> user accounts man --> users --> user1 --> modify+get the informations there.

4. Try to copy the /etc/passwd to /etc/passwd.bak and then create a new passwd database of /etc/passwd file with few user accoutns and test it

5. Check the /etc/nsswitch.conf file for passwd: entry there.

Try to use passwd: files

6. Try user with null passwd as,

/etc/passwd

user1:XX?XX?: etc..

Remove second field and check the user login now.

It is good to work to know the problem on the above.
Easy to suggest when don't know about the problem!
0 Kudos
Michael_356
Frequent Advisor

тАО09-09-2004 12:16 AM

тАО09-09-2004 12:16 AM

Re: Can't change password with ssh

First i have to add some information:
the machine runs in trusted mode, authck -pv and pwck don't show problems.

@Ralph:
i have some tools for checking passwords,
but i can't find any reason to check that out. The initial login is ok, the trouble begins with the expiration of a password.
Then passwd asks for old password, after typing in -> abort.

@muthu:
1. Yes, i can
2. user1 PS 02/08/04 1 30 7
3. the values seems to be ok (identical to template)
4. Can't do it in the production area, have to test it at WE (ouch: one more WE at work)
5. the entry in /etc/nsswitch.conf is (and was) passwd: files
6. in trusted mode?

Michael
0 Kudos
Muthukumar_5
Honored Contributor

тАО09-09-2004 02:14 AM

тАО09-09-2004 02:14 AM

Solution

Re: Can't change password with ssh

Yep.

I have reproduced your problem as,

convert trusted one,
tsconvert -cp

I had user as muthu
It is asked to make the change your passwd as,
----------- wrong passwd behaviour ---------
login: muthu
Password:
Last successful login for muthu: Fri Sep 10 07:00:07 PST8PDT 2004
Last unsuccessful login for muthu: Fri Sep 10 10:16:26 2004 on pts/tc
Your password has expired.
Choose a new password.
Changing password for muthu
Old password:
Sorry.
Login aborted due to no password.

Wait for login exit: ..
Connection closed by foreign host.

-------------- correct passwd ---------
login: muthu
Password:
Last successful login for muthu: Fri Sep 10 07:00:07 PST8PDT 2004
Last unsuccessful login for muthu: Fri Sep 10 10:16:48 2004 on pts/tc
Your password has expired.
Choose a new password.
Changing password for muthu
Old password:
Last successful password change for muthu: NEVER
Last unsuccessful password change for muthu: Fri Sep 10 10:16:48 2004

Do you want (choose one letter only):
pronounceable passwords generated for you (g)
a string of letters generated (l) ?
to pick your passwords (p) ?

---------------------------------------------

Trusted system will not ask for reprompt again when you type passwd wrong. It is not the defect of passwd / ssh now.

Try to set the user's passwd using super user and ask the user to change it out.

And more try to force the user's when ever they get expired on passwd.

Regards
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Michael_356
Frequent Advisor

тАО09-09-2004 03:23 AM

тАО09-09-2004 03:23 AM

Re: Can't change password with ssh

Thanks to you all.
I will close this thread now because the question I ask was answered. I will work now for a solution.

Thanks to all your answers
be sure, my next question will coming soon :-))

Regards

Michael
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.