Our server is only opened 22 sshd port... We wants our server secuirty is more higher, so decide to password aging policy... Linux command is "chage" is very useful, but openssh3.3 higher version is not effected... [root at radius ~]# chage -l test Minimum: 0 Maximum: 2 Warning: 2 Inactive: 2 Last Change: May 09, 2003 Password Expires: May 11, 2003 Password Inactive: May 13, 2003 Account Expires: Never [root at radius ~]# [root at radius ~]# telnet localhost Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. radius login: test Password: You are required to change your password immediately (password aged) Changing password for test (current) UNIX password: ---------------------------------------------------------------------- BUT... [root at radius ~]# ssh -l test 220.75.xxx.xxx test at 220.75.xxx.xxx's password: Read from remote host 220.75.xxx.xxx: Connection reset by peer Connection to 220.75.xxx.xxx closed. [root at radius ~]# [root at radius ~]# telnet localhost 22 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SSH-1.99-OpenSSH_3.5p1 This problem is only openssh3.3 higher version. Why this problem occured??? Please reply this answer.... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030512/fd81f040/attachment.html
Darren Tucker
2003-May-12 07:08 UTC
[Ans.]openssh3.5p1 version ... Password aging problem???
> ?????? wrote: > We wants our server secuirty is more higher, so decide to password > aging policy...[snip]> This problem is only openssh3.3 higher version. > > Why this problem occured???This is a known issue with the current code. Depending on whether or not you're using PAM, the bugs (with potential solutions) are: http://bugzilla.mindrot.org/show_bug.cgi?id=14 (non-PAM) http://bugzilla.mindrot.org/show_bug.cgi?id=423 (PAM) -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.