Nick_Chi at manulife.com
2003-Oct-03 09:00 UTC
OpenSSH 3.7.1p2 with OpenSSL 0.9.7c installation on HP-UX 11.0 enquiry?
Dear All,

I can install OpenSSH 3.7.1p2 with OpenSSL 0.9.7c on HP-UX 11.0 without problem.
However, I find that all valid accounts are treated as "locked" (even specify "AllowUsers USER1" in sshd_config) and can't make SSH connection to the server.

Here is the message shown in syslog.log.

Oct 3 16:49:17 SERVER_NAME sshd[12994]: User USER1 not allowed because account is locked
Oct 3 16:49:21 SERVER_NAME sshd[12993]: Connection closed by CLIENT_IP_ADDRESS
Oct 3 16:49:22 SERVER_NAME sshd[12994]: Failed password for illegal user USER1 from CLIENT_IP_ADDRESS port CLIENT_PORT

Any idea? Thanks.

Best Regards,
Nick CHI
Regional Technology Team, Regional I.T., I.T. Asia,
Manulife International Limited
Tel: (852) 2510 3273
Fax: (852) 2510 0244
Email: Nick_Chi at manulife.com

=========================================================
This message is confidential and may also be privileged. If you are not the intended recipient, please notify me by return e-mail and delete this message from your system. If you are not the intended recipient, any use by you of this message is strictly prohibited.

Darren Tucker
2003-Oct-03 09:19 UTC
OpenSSH 3.7.1p2 with OpenSSL 0.9.7c installation on HP-UX 11.0 enquiry?
Nick_Chi at manulife.com wrote:
> I can install OpenSSH 3.7.1p2 with OpenSSL 0.9.7c on HP-UX 11.0 without
> problem.
> However, I find that all valid accounts are treated as "locked" (even
> specify "AllowUsers USER1" in sshd_config) and can't make SSH connection to
> the server.
>
> Here is the message shown in syslog.log.
>
> Oct 3 16:49:17 SERVER_NAME sshd[12994]: User USER1 not allowed because
> account is locked
> Oct 3 16:49:21 SERVER_NAME sshd[12993]: Connection closed by
> CLIENT_IP_ADDRESS
> Oct 3 16:49:22 SERVER_NAME sshd[12994]: Failed password for illegal user
> USER1 from CLIENT_IP_ADDRESS port CLIENT_PORT

Try a snapshot (but avoid 20031002 as PAM is broken), as this has been fixed.

You may also have a problem with sshd claiming that the password is expired, you can apply this patch for that.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
-------------- next part --------------
Index: auth.c ==================================================================RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v retrieving revision 1.77 diff -u -p -r1.77 auth.c --- auth.c 2 Sep 2003 21:32:46 -0000 1.77 +++ auth.c 3 Oct 2003 03:31:46 -0000 @@ -112,7 +112,7 @@ allowed_user(struct passwd * pw) return 0; } - if (spw->sp_max != -1 && + if (spw->sp_max != -1 && spw->sp_max != 0 && today > spw->sp_lstchg + spw->sp_max) { logit("User %.100s password has expired (password aged)", pw->pw_name);
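
Review bot: the added `spw->sp_max != 0` test in allowed_user() carries no comment explaining why a maximum age of 0 is treated as "no aging", and it sits next to `!= -1` as a second special case. A single `spw->sp_max > 0` would cover both values and any other negative one, and a one-line comment saying which platform reports 0 would stop a later cleanup from removing it. The comparison `today > spw->sp_lstchg + spw->sp_max` also still fires when sp_lstchg is 0 and sp_max is positive, so if the same platform can leave sp_lstchg unset, that case deserves an explicit check as well.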