HPE Community
Operating System - HP-UX
1822002 Members
3922 Online
109639 Solutions
New Discussion юеВ

Re: ssh login only accepting 8 character passwords.

 
Paul meaden
New Member

тАО02-10-2005 08:26 PM

тАО02-10-2005 08:26 PM

ssh login only accepting 8 character passwords.

Hi,

Has anyone come across this before. I recently upgraded to HPUX Secure Shell 3.91. Since the upgrade, I cannot use a password of greater that 8 characters, when attempting an ssh login using Unix password authentications (i.e. not key-pair authentication). Please see following for example:

As root:

# useradd -m testac
# passwd testac
enter password greater that 8 characters ..

As user fred:

$ su - testac
enter password and login is successful
$ exit

$ ssh testac@localhost
enter same password which worked above, and get permission denied.

If the whole exercise above is repeated, but a password of 8 characters in length is created, the "ssh testac@localhost" works fine.

This is a trusted system. I have been all through the trusted parameters, and there is nothing amiss. The u_maxlen is set to 20. Also, interestingly, the failed ssh logins do not register in /tcb/files/auth/t/testac as failed logins.

Any help much appreciated...
0 Kudos
Reply
7 REPLIES 7
Peter Godron
Honored Contributor

тАО02-10-2005 08:53 PM

тАО02-10-2005 08:53 PM

Re: ssh login only accepting 8 character passwords.

Hi Paul,
have you tried run the ssh with debug mode?
Also what is the error message you got?
Have a look at thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?admit=716493758+1108115209430+28353475&threadId=679278
Regards
0 Kudos
Reply
Gordon Morrison
Trusted Contributor

тАО02-10-2005 10:53 PM

тАО02-10-2005 10:53 PM

Re: ssh login only accepting 8 character passwords.

Maximum password length is 8 characters. Any extra characters after the first 8 are ignored by the OS, but perhaps ssh is cleverer than that and checks the extra characters. If so, this may cause a conflict with the OS.
Can I suggest using max 8 char passwords?
What does this button do?
0 Kudos
Reply
Florian Heigl (new acc)
Honored Contributor

тАО02-10-2005 11:12 PM

тАО02-10-2005 11:12 PM

Re: ssh login only accepting 8 character passwords.

You're running into a limitation with the standard passwort algorithms.

Have a try - use
verylongpassword as a passwort and try logging in while typing verlongpassworD - I'm afraid it'll work.
IIRC this is a NIS compatibility limitation, which nowadays would be unneccesary as NIS+ supports longer passwords. But noone uses NIS+ for it's only 10 years old, so the limit is still there. ;)

I am not sure, but I feel this could go away when enabling shadow passwords or Trusted System mode, but I never cross-checked it.

Maybe check the pwconv man page on this.

yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Reply
John Payne_2
Honored Contributor

тАО02-11-2005 02:57 AM

тАО02-11-2005 02:57 AM

Re: ssh login only accepting 8 character passwords.

We had the same problem. The solution from the support folks was to add the following line to /opt/ssh/etc/sshd_config:

UsePAM yes

After making the change and restartring sshd, things worked fine.

Hope it helps.
John
Spoon!!!!
Reply
Jeff Schussele
Honored Contributor

тАО02-11-2005 03:02 AM

тАО02-11-2005 03:02 AM

Re: ssh login only accepting 8 character passwords.

Hi Paul,

This is an OS-level issue - not SSH.
IF the > 8 PWs were in use before conversion to Trusted - *only* the first 8 chars were converted & encrypted.
They can continue to use the old PW = BUT *only* the first 8 chars because the system evals *all* the chars & adding the extra chars will cause a decrypt failure.
Of course, the real solution is to change the PWs to <= 8 chars.

My $0.02,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО02-11-2005 03:12 AM

тАО02-11-2005 03:12 AM

Re: ssh login only accepting 8 character passwords.

In spite of the ability to have longer passwords and logins, I find that characters beyond the eigth are ignored.

My system is trusted and we allow up to 40 character passwords.

We get around this annoying issue by enforcing password complexity with an /etc/default/security file.

I am attaching mine as an example.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Paul meaden
New Member

тАО02-13-2005 08:40 PM

тАО02-13-2005 08:40 PM

Re: ssh login only accepting 8 character passwords.

Many thanks to John Payne. The UsePAM parameter nailed it. Thanks to everyone else who contributed.

Paul.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.