To Whom It May Concern:

I am running OpenSSH_3.7.1p2 on an HPUX 10.10 operating system. I recently converted my OS to a trusted system, which, among other things, shadows passwords in the /etc/passwd file. In order to shadow the user passwords, a '*' character is used. Unfortunately, the documentation for sshd states that, for HP operating systems, a '*' character in the /etc/passwd file is a sign that the user's account is locked out of ssh logins.

In order to verify this, I shut down my sshd, re-started it with the following command: "sshd -ddd -e" and perused the debugging info. Once I attempted to make an ssh connection from a remote system, a message stating that the user's account was locked came up.

I hope that I have adequately described the situation. If you have any questions, need any clarification, or can tell me what I am doing wrong, please reply to this e-mail.

Thank you in advance,

Harry Kantor
Computer Engineer
NSWC PC

Kantor, Harry S CIV NAVSURFWARCEN CSS, 376 / 110E wrote:
> I am running OpenSSH_3.7.1p2 on an HPUX 10.10 operating system.

Wow, I haven't seen that HP-UX version in a long time.

> I recently converted my OS to a trusted system, which, among other things,
> shadows passwords in the /etc/passwd file. In order to shadow the user
> passwords, a '*' character is used. Unfortunately, the documentation for
> sshd states that, for HP operating systems, a '*' character in the
> /etc/passwd file is a sign that the user's account is locked out of ssh
> logins.

To work around the problem, comment out the LOCKED_PASSWD_STRING line in config.h after running configure but before running make.

I think newer versions of OpenSSH will work OK: we changed sshd so it would always use the shadow functions on HP-UX if they're available, and getspnam() should return the correct password from /tcb/* rather than /etc/passwd, and thus won't have this problem.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
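
Added example, not part of either message and not OpenSSH source: a simplified C model of the locked-account check discussed in this thread, covering the reported behaviour, the config.h workaround, and the shadow lookup. The `account` struct, `account_locked()` and all sample values are hypothetical; the '*' marker is the value described in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one user's two password sources on a trusted system. */
struct account {
    const char *name;
    const char *passwd_field; /* second field of /etc/passwd */
    const char *tcb_passwd;   /* what getspnam() would return, NULL if no entry */
};

/*
 * Simplified model of the lock check (hypothetical helper, not sshd source).
 * locked_string: value of LOCKED_PASSWD_STRING, or NULL when the define is
 *                commented out of config.h (the workaround).
 * use_shadow:    non-zero models newer versions that consult getspnam() first.
 * Returns 1 when the login would be refused as "account locked".
 */
int account_locked(const struct account *a, const char *locked_string, int use_shadow)
{
    const char *pw = a->passwd_field;

    if (use_shadow && a->tcb_passwd != NULL)
        pw = a->tcb_passwd;
    if (locked_string == NULL)
        return 0; /* check compiled out */
    return strcmp(pw, locked_string) == 0;
}

/* Constructed sample data: the hash is a placeholder, not a real crypt value. */
static const struct account trusted_user = { "user1", "*", "PLACEHOLDERHASH" };
static const struct account locked_user  = { "guest", "*", NULL };

int main(void)
{
    printf("3.7.1p2 behaviour, trusted user: %d\n", account_locked(&trusted_user, "*", 0));
    printf("workaround, trusted user:        %d\n", account_locked(&trusted_user, NULL, 0));
    printf("workaround, locked user:         %d\n", account_locked(&locked_user, NULL, 0));
    printf("shadow lookup, trusted user:     %d\n", account_locked(&trusted_user, "*", 1));
    printf("shadow lookup, locked user:      %d\n", account_locked(&locked_user, "*", 1));
    return 0;
}
```

In this model, removing the define also stops the check from catching an account whose only lock marker is '*', while the shadow lookup keeps that check and still admits the trusted-system user.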