search for: rfc4256

Hi I'm trying to integration a Java application using SSHJ <https://github.com/hierynomus/sshj> client-side - into OpenSSH 7.4. This is fine, except where I get to a password expiry situation. Looking at RFC4252 <https://www.ietf.org/rfc/rfc4252.txt> (which is supported by SSHJ) I don't see any SSH_MSG_USERAUTH_PASSWD_CHANGEREQ [60] messages getting passed from

...This serie of patches have been already submitted via [1], but i'm sending them again to the ML, to see if they can get some more traction. The patches are already part of Ubuntu openssh since 24.04, and they basically allow proper immediate instruction reporting to clients using PAM (as per RFC4256). This follows the approach that has been reported and discussed in bug 2876 [2], although as per discussion in the said PR thare have been introduced no options to keep previous behavior working. [1] https://github.com/openssh/openssh-portable/pull/452 [2] https://bugzilla.mindrot.org/show_bug.c...

Philipp Marek wrote: > An easy workaround is to use a password manager (a plain file as a minimum) If you can/want to use a file then consider using a key instead. publickey authentication is non-interactive on the wire and the key is already unlocked so packet timing leaks nothing about your passphrase. //Peter

Hi! Is it possible to override in OpenSSH so that the shell specified in the /etc/passwd (or what comes from the LDAP server) is not executed at login? We have na?vely tried to specify this with subsystem but found out that by default the ssh client does not specify any subsystem. So how to override something that is unset from the client? /John -- John Olsson Ericsson AB BSC/BSS System