HPE Community
Operating System - HP-UX
1836643 Members
1753 Online
110102 Solutions
New Discussion

sftp "Your password was changed by root"?

 
SOLVED
Go to solution
Steve Post
Trusted Contributor

‎08-02-2007 06:20 AM

‎08-02-2007 06:20 AM

sftp "Your password was changed by root"?

I setup a new chrooted sftp user. I set a password for this user.
I run "sftp user1@mybox"
Then I get:
"Your password was changed by root
password:"
I enter the correct password.
I get:
"Your password was changed by root
password:"
I enter the correct password..AGAIN.
This process repeats over and over and over and over.....

I thought maybe the account was locked. I checked. It's not locked.
I have the user's shell be per the hp document: /opt/ssh/utils/sftponly

Am I missing something?

I would think if I change the password for user user1 as root, you would think I could actually use be able to use it right?
0 Kudos
Reply
3 REPLIES 3
Steve Post
Trusted Contributor

‎08-02-2007 07:28 AM

‎08-02-2007 07:28 AM

Re: sftp "Your password was changed by root"?

I got further.
According to the syslog.log file, I am not getting past PAM authorization. I said it is not a valid account.

Then I remembered there is an option in sshd_config that will let you see who is allowed to use sftp.

That was part of it. I now got past that spot.
Now it just jumps right back out.
But no more "Your password was changed by root".

0 Kudos
Reply
Sameer_Nirmal
Honored Contributor

‎08-02-2007 07:46 AM

‎08-02-2007 07:46 AM

Solution

Re: sftp "Your password was changed by root"?

Did you run the scipt /opt/ssh/ssh_chroot_setup.sh ?
Ownership and permissions of sftponly ?

You can refer the /opt/ssh/README.hp or chroot script to verify if something is missed.
Reply
Steve Post
Trusted Contributor

‎08-02-2007 08:21 AM

‎08-02-2007 08:21 AM

Re: sftp "Your password was changed by root"?

Yes I ran the ssh_chroot_setup.sh. That part was fine....sort of.

I found my problem.

Problem number 1. I kept getting "Root has changed your password" because I never got past the password part. And I never got past this password part because PAM said I'm not an authorized user. And PAM said I'm not an authorized user because /opt/ssh/etc/sshd_config didn't have the user listed as an allowed ssh user.

Problem number 2. Now, after I correctly log in, I immediately get kicked out.
Cause? The computer didn't know what /opt/ssh/utils/sftponly was. Is it in /etc/shells? Yes. Is it really at /opt/ssh/utils? Yes. Is it at /newroot/./opt/ssh/utils? NOPE. Ah HA. That was it. The ssh_chroot_setup.sh utility should have automatically copied over "sftponly" to under the /newroot/opt/ssh/utils/. It didn't.

So I'm fine now. But there's another thing too. I see it dumped /etc/passwd and /etc/group to the /newroot/./etc directory. I think that's not a very good idea. I wiped out just about all of it. I remember reading about this in one of the hp (or wuftp) documents.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.