HPE Community
Operating System - HP-UX
1855764 Members
11508 Online
104103 Solutions
New Discussion

Re: ssh and password exire

 
Michael Murphy_2
Frequent Advisor

‎03-16-2007 02:39 AM

‎03-16-2007 02:39 AM

ssh and password exire

In the past I have set up ssh using certs between two machines - allowing no password prompt when loging in across machines. We are thinking about putting some file transfer using this ssh model. Had some questions:

- if password expires for the id on the source and/or target machine - does ssh/scp still work?

- if an id is locked due to non-use I assume that it will cause ssh/scp to stop working.

- does cron stop working on id's with expired passwords? Any way to resolve that?

Thanks
0 Kudos
Reply
4 REPLIES 4
Jeff_Traigle
Honored Contributor

‎03-16-2007 02:51 AM

‎03-16-2007 02:51 AM

Re: ssh and password exire

Password expiration shouldn't affect logins using keys. The only time that fails (if memory isn't flaking out on me) is if the account is locked (as if you create a new account and the hashed password is set to default *). I don't believe an expired password actually causes the hash to change so it shouldn't affect the access. (I could be wrong on that and it's worth testing if someone else isn't positive, but it doesn't seem logical that it should.)

cron doesn't care if an account is locked or not. If the account is allowed to use cron, the jobs will run.
--
Jeff Traigle
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎03-16-2007 02:55 AM

‎03-16-2007 02:55 AM

Re: ssh and password exire

Of course, after I hit the submit button, I'm thinking the disallowed access because the hash is * that I remembered affects SecurID. It should have no affect when using keys because you're bypassing password authentication.
--
Jeff Traigle
0 Kudos
Reply
IT_2007
Honored Contributor

‎03-16-2007 03:14 AM

‎03-16-2007 03:14 AM

Re: ssh and password exire

agree with Jeff T.

scp will work even after user has expired password since it uses trusted keys.

User won't be able to login using ssh unless he changes expired password.

Cron won't stop working on these situations.
0 Kudos
Reply
gstonian
Trusted Contributor

‎03-16-2007 03:20 AM

‎03-16-2007 03:20 AM

Re: ssh and password exire

If you lock out an account on the target the scp will fail...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.