HPE Community
Operating System - HP-UX
1834704 Members
2706 Online
110069 Solutions
New Discussion

Re: SSH password character limit?

 
Dieter S. Vener
Frequent Advisor

‎02-21-2007 06:51 AM

‎02-21-2007 06:51 AM

SSH password character limit?

HP-UX Version: B.11.11
SSH Version: OpenSSH_4.4p1-hpn12v11

Hi All,

We are having an interesting issue with ssh where the ssh daemon will not accept a password that has more than 8 characters.

Example:

%passwd user1
New password: test1234
Re-enter new password: test1234
%passwd user2
New password: test12345
Re-enter new password: test12345
%ssh -l user1 rp8400
user1@rp8400's password: test1234
No issues
%ssh -l user2 rp8400
user2@rp8400's password: test12345
Permission denied, please try again

This seems kind of silly. If anything the sshd daemon should ignore any characters past 8, but not fail to authenticate.

Does anyone know why our system is doing this? Is there some setting in sshd_config or ssh_config that corrects this?

Thanks

0 Kudos
Reply
5 REPLIES 5
Kasper Hedensted
Trusted Contributor

‎02-21-2007 07:01 AM

‎02-21-2007 07:01 AM

Re: SSH password character limit?

Hi Dieter,

It sounds like same issue as in this thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1018433&admit=-682735245+1172087776070+28353475

Regards, Kasper
0 Kudos
Reply
Dieter S. Vener
Frequent Advisor

‎02-21-2007 07:12 AM

‎02-21-2007 07:12 AM

Re: SSH password character limit?

Hi Kasper,

I changed the line in my sshd_config file as the thread suggested:

%vi sshd_config
uncommented
usePAM yes
:wq!

After making the change, no one can login via ssh. The user authenticates and then the connection gets closed immediately. Messages from "-vvvv" of ssh and "-dddd" of sshd do not reveal anything except a memory fault. The syslog.log says that the application received a signal 15 error.

We installed our ssh from a depot for HP-UX 11.11 that was downloaded off of HP's site. I would think that ssh should work without any changes in configuration.

Thanks
0 Kudos
Reply
Kasper Hedensted
Trusted Contributor

‎02-21-2007 07:42 AM

‎02-21-2007 07:42 AM

Re: SSH password character limit?

Are both servers running trusted mode ?

has the password format policy been changed ?
0 Kudos
Reply
Dieter S. Vener
Frequent Advisor

‎02-21-2007 07:56 AM

‎02-21-2007 07:56 AM

Re: SSH password character limit?

Hi Kasper,

Yes, the system is in trusted mode.

The password format policy maximum password length was set to 8 and I changed it to 20 in sam, but it still does not seem to have any effect on SSH. I even re-installed the SSH depot to make sure there was not some post-install that needed to re-updated based on the password format policy.

Thanks
0 Kudos
Reply
Dieter S. Vener
Frequent Advisor

‎02-21-2007 08:23 AM

‎02-21-2007 08:23 AM

Re: SSH password character limit?

Aha, I think I've figured it out. By default, the depot installation sets up sshd_config with the following lines set. I re-installed to make sure:

%swremove
mark Secure Shell for removal
remove
%swinstall -a /tmp/t*.depot
mark for install
install


%more /opt/ssh/etc/sshd_config

#UsePAM yes
#ChallengeResponseAuthentication yes

I changed the sshd_config to the following and it now works. Note that changing the UsePAM line alone did not work. I had to change both of these lines.

%vi /opt/ssh/etc/sshd_config
UsePAM yes
ChallengeResponseAuthentication no
:wq!

In summary, uncommenting the UsePAM line alone does not fix the issue. Changing the UsePAM line and the ChallengeResponseAuthentication to no does. Both of these lines needed to be changed. Hope this helps anyone that was unable to resolve the problem. I read the comments above the UsePAM line in sshd_config and this led me to give this a try.

Kasper thanks for your help. You led me in the right direction.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.