turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
How to avoid password expiration for ssh? (214 Views)
Reply
Reply
Topic Options
Frequent Advisor
Kirill Cherkashin
Posts: 46
Registered: ‎12-26-2001
Message 1 of 10 (214 Views)

How to avoid password expiration for ssh?

Post options

‎02-16-2004 11:52 PM

Hi,

I'm using ssh with private/public exchange in automated script for transferring oracle archive logs between two machines. Unfortunately, our security guy urges us to turn password expiration on.
I always reckoned that using key pair exchange is smart way to avoid constant password change and it's especially useful for service accounts. However, I found this message in ssh log:

Disconnecting: Password change required but no TTY available


so, is it possible somehow to avoid password expiration for ssh?
0
Reply
0
Please use plain text.
 
Exalted Contributor
Exalted Contributor
Steven E. Protter
Posts: 33,805
Registered: ‎08-15-2002
Message 2 of 10 (214 Views)

Re: How to avoid password expiration for ssh?

Post options

‎02-17-2004 12:04 AM

In SAM on the target server

Users

modify

Disable password aging.

Of course this will require you to manually change it without remeinders to maintain security.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0
Reply
0
Please use plain text.
 
Frequent Advisor
Kirill Cherkashin
Posts: 46
Registered: ‎12-26-2001
Message 3 of 10 (214 Views)

Re: How to avoid password expiration for ssh?

Post options

‎02-17-2004 12:18 AM

Steven,


1) password expiration should be turn on for this account.
i.e. password expiration should works in standart way for telnet and ftp but ssh and sftp could avoid it.
2) i don't want to make any regular manual password changes at all.
0
Reply
0
Please use plain text.
 
Respected Contributor
Respected Contributor
Vijaya Kumar_3
Posts: 450
Registered: ‎09-29-2003
Message 4 of 10 (214 Views)

Re: How to avoid password expiration for ssh?

Post options

‎02-17-2004 12:31 AM

No, there is no seperate password expiration available for SSH/SCP.

So there is no other go you can handle this, but you always have an option to change using SAM of modprpw command with your unix administrator.

Thanks
Vijay
Known is a drop, unknown is ocean - visit me at http://vijay.theunixplace.com
0
Reply
0
Please use plain text.
 
Honored Contributor
Honored Contributor
RAC_1
Posts: 5,920
Registered: ‎03-21-2002
Message 5 of 10 (214 Views)

Re: How to avoid password expiration for ssh?

Post options

‎02-17-2004 12:45 AM

I think you cant do that, ssh is checking account details, and when it sees it is expired, it gives messages and exits.
There is no substitute to HARDWORK
0
Reply
0
Please use plain text.
 
Jun Wang_2
Occasional Visitor
Jun Wang_2
Posts: 1
Registered: ‎10-27-2004
Message 6 of 10 (214 Views)

Re: How to avoid password expiration for ssh?

Post options

‎10-27-2004 10:44 AM

I have exactly the same question.
0
Reply
0
Please use plain text.
 
Jane Bell
Occasional Visitor
Jane Bell
Posts: 4
Registered: ‎08-18-1997
Message 7 of 10 (214 Views)

Re: How to avoid password expiration for ssh?

Post options

‎11-01-2004 02:35 AM

I have exactly the opposite problem - accounts that are expired and/or disabled but SSH ignores the status and allows the user to login! Obviously I am concerned that disabled accounts can still login!! We also have AIX servers and they work as you describe (ie they check the password status). As yet Ive not worked out why the aix servers work in the opposite way around to the hp servers - if I do then I will probably have solved your question!

Our hp servers do check the password status if password ( rather than passphrase/key ) authentication is performed.

Running openssh3.8p1 ( built locally )
0
Reply
0
Please use plain text.
 
Exalted Contributor
Exalted Contributor
Steven E. Protter
Posts: 33,805
Registered: ‎08-15-2002
Message 8 of 10 (214 Views)

Re: How to avoid password expiration for ssh?

Post options

‎11-01-2004 02:59 AM

The only way to disable for ssh is to disable for the user. This is a very bad idea and will make you fail a security audit if you have such things done.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0
Reply
0
Please use plain text.
 
Jane Bell
Occasional Visitor
Jane Bell
Posts: 4
Registered: ‎08-18-1997
Message 9 of 10 (214 Views)

Re: How to avoid password expiration for ssh?

Post options

‎11-01-2004 07:21 PM

Yep, thats the way it should be - but no one seems to have told our servers - much to my annoyance!

The debugging continues.....
0
Reply
0
Please use plain text.
 
Honored Contributor
Honored Contributor
Sridhar Bhaskarla
Posts: 6,350
Registered: ‎08-15-2001
Message 10 of 10 (214 Views)

Re: How to avoid password expiration for ssh?

Post options

‎11-01-2004 07:28 PM

Hi Jane,

I fear you might have compiled your openssh without PAM support (means without --with-pam option).

3.8p1 is superceded by 3.8.1p1 now. I suggest you recompile the new version with PAM support and it should obey your password rules.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0
Reply
0
Please use plain text.