Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Password Aging with Openssh 5.2 SFTP Subsystem Jail
Top Forums UNIX for Advanced & Expert Users Password Aging with Openssh 5.2 SFTP Subsystem Jail Post 302382214 by markdjones82 on Tuesday 22nd of December 2009 04:46:47 PM
Old 12-22-2009
That is where the issue was! I updated the SSHD pam file from another RHEL box that had the correct SSHD and it works. When I compiled openssh5.2 it didn't have the correct entries in /etc/pam.d/sshd

Thanks!


Here is the correct PAM if anyone cares:
Code:
#%PAM-1.0
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.s

 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

OpenSSH and password aging

Vesion 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having difficulties in enabling password aging to work from reading /etc/default/passwd and /etc/shadow. # passwd -f < user-id > works satisfactorily however once a password ages through due course from the settings in... (1 Reply)
Discussion started by: raylen
1 Replies

2. UNIX for Dummies Questions & Answers

password aging help

If the command passwd -f is used, Users get the below error. I need to force users to change there passwords at initial login. Anyone know what is going on? This is on a Non-Stop UX system UX:in.login: ERROR: Your password has been expired for too long UX:in.login: TO FIX: Consult your system... (0 Replies)
Discussion started by: breigner
0 Replies

3. UNIX for Dummies Questions & Answers

password aging

hi experts this is regarding password aging i tried searching forum but i cudnt locate given a login id, i would like to determine whether password ageing has been enabled for that and for the login id whether password has been expired on a particular point of time Thanks (4 Replies)
Discussion started by: teletype_error
4 Replies

4. Shell Programming and Scripting

is there anyway of implementing password aging in NIS?

Hi , is there anyway of implementing password aging in NIS? I would say thanks in advance. Thanks and regards, HAA (1 Reply)
Discussion started by: HAA
1 Replies

5. AIX

SFTP Failed---Request for subsystem 'sftp' failed on channel 0

Hi, While I am trying SFTP my machine to another unix machine , it was working fine till 10 min back. But now i am getting the below error "Request for subsystem 'sftp' failed on channel 0" Could you please someone help me to solve or analyise the root cause... Cheers:b:, Mahiban (0 Replies)
Discussion started by: mahiban
0 Replies

6. UNIX for Dummies Questions & Answers

SFTP subsystem requests

Hi there, what is the meaning of this line: SFTP subsystem requests: 5 Time(s) in: /var/mail/root??? Tks in advance, GB (0 Replies)
Discussion started by: Giordano Bruno
0 Replies

7. UNIX for Advanced & Expert Users

SFTP Jail With Sun SSH Not OpenSSH

Hi all, I have a Solaris 10 server with SUN_SSH_1.1 installed. I want to restrict a user via SFTP to only be able to access one directory. I've written a little script in .profile which works perfectly for an ssh login but it appears sftp doesn't read the .profile file so it doesn't work. ... (2 Replies)
Discussion started by: Donkey25
2 Replies

8. AIX

sftp : have to specify subsystem from client side

I have several ssh servers *running aix 5.3 and they respond to sftp requests just fine, but I have one that requires clients to specify the path to the sftp server using the -s flag which is*/usr/sbin/sftp-server I check the sshd_config across all servers and they are the same. *The other... (1 Reply)
Discussion started by: massdesign
1 Replies

9. Red Hat

sftp jail chroot env setup

Hi I need a specific user to be able to sftp to a server and get files from a specific location. The location is not the users home dir, i don't want the user to be able to view anything else apart from the files in that area. e.g ftp file are is - /logging/phplogs e.g user home is... (1 Reply)
Discussion started by: duckeggs01
1 Replies

10. Linux

Linux password aging and ssh keys

Recently I have been playing with password ageing and the usage of ssh keys. I have found that if usePAM yes (default) is set in the /etc/ssh/sshd_config file then any password ageing and inactiivity can adversely affect a client with ssh keys. For example: Set PASS_MAX_DAYS to 60 in... (5 Replies)
Discussion started by: smurphy_it
5 Replies

LEARN ABOUT MOJAVE

passwd

PASSWD(1)						    BSD General Commands Manual 						 PASSWD(1)

NAME

     passwd -- modify a user's password

SYNOPSIS

     passwd [-i infosystem [-l location]] [-u authname] [user]

DESCRIPTION

     The passwd utility changes the user's password.  If the user is not the super-user, passwd first prompts for the current password and will
     not continue unless the correct password is entered.

     When entering the new password, the characters entered do not echo, in order to avoid the password being seen by a passer-by.  The passwd
     utility prompts for the new password twice in order to detect typing errors.

     The new password should be at least six characters long and not purely alphabetic.  Its total length should be less than _PASSWORD_LEN (cur-
     rently 128 characters), although some directory systems allow longer passwords.  Numbers, upper case letters, and meta characters are encour-
     aged.

     Once the password has been verified, passwd communicates the new password to the directory system.

     -i infosystem
	   This option specifies where the password update should be applied.  Under Mac OS X 10.5 and later, supported directory systems are:

	   PAM	 (default) Pluggable Authentication Modules.

	   opendirectory
		 A system conforming to Open Directory APIs and supporting updates (including LDAP, etc).  If no -l option is specified, the
		 search node is used.

	   file  The local flat-files (included for legacy configurations).

	   nis	 A remote NIS server containing the user's password.

     -l location
	   This option causes the password to be updated in the given location of the chosen directory system.

	   for file,
		 location may be a file name (/etc/master.passwd is the default)

	   for nis,
		 location may be a NIS domainname

	   for opendirectory,
		 location may be a directory node name

	   for PAM,
		 location is not used

     -u authname
	   This option specifies the user name to use when authenticating to the directory node.

     user  This optional argument specifies the user account whose password will be changed.  This account's current password may be required,
	   even when run as the super-user, depending on the directory system.

FILES

     /etc/master.passwd  The user database
     /etc/passwd	 A Version 7 format password file
     /etc/passwd.XXXXXX  Temporary copy of the password file

SEE ALSO

     chpass(1), login(1), dscl(1), passwd(5), pwd_mkdb(8), vipw(8)

     Robert Morris and Ken Thompson, UNIX password security.

HISTORY

     A passwd command appeared in Version 6 AT&T UNIX.

Mac OS X							  August 18, 2008							  Mac OS X
All times are GMT -4. The time now is 12:37 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy