bugzilla-daemon at mindrot.org
2023-May-27 03:21 UTC
[Bug 3576] New: The sftp-server does not provide the feature of changing expired passwords, which is provided by the sshd.
https://bugzilla.mindrot.org/show_bug.cgi?id=3576

Bug ID: 3576
Summary: The sftp-server does not provide the feature of changing expired passwords, which is provided by the sshd.
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sftp-server
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com

Hi!

When I try to ssh into an account with an expired password, I'm reminded and can change the password, as shown below:

```
# ssh user at ipaddress

Authorized users only. All activities may be monitored and reported.
user at ipaddress's password:
You are required to change your password immediately (administrator enforced).

Authorized users only. All activities may be monitored and reported.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user.
Changing password for user.
Current password:
```

But when I log in using sftp, I'm not prompted to change the password, but just disconnected.

```
# sftp user at ipaddress

Authorized users only. All activities may be monitored and reported.
user at ipaddress's password:
You are required to change your password immediately (administrator enforced).
subsystem request failed on channel 0
Connection closed
```

I have some doubts about this. If sftp-server is designed like this, please let me know the reason.

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jun-21 05:19 UTC
[Bug 3576] The sftp-server does not provide the feature of changing expired passwords, which is provided by the sshd.
https://bugzilla.mindrot.org/show_bug.cgi?id=3576

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Unfortunately this is not feasible to fix - the sftp protocol (https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02) has no provision for password management, so it must all be done out of band.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.