[Bug 1065] password expiration and SSH keys don't go well together

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Aug 10 20:03:38 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1065





------- Additional Comments From dtucker at zip.com.au  2005-08-10 20:03 -------
(In reply to comment #7)
> * The machine is in production now, so I can't obtain the debugging output. I
> will try to obtain it during the next maintenance.

If it's permitted by your policy, you can run sshd on a non-standard port on the
loopback and get the debug trace that way
("/path/to/sshd -ddd -o listenaddress=127.0.0.1:222").

Alternatively, if it would permit running some code as root that's not a network
service then you could use my PAM test tool:
http://www.zip.com.au/~dtucker/patches/#pamtest

The "-a" option approximates what sshd does for public-key authentications, and
the "-s" option lets you test alternate PAM service names without affecting the
production ones.  It may give enough information to figure out what's going on.
Something like this ought to do it:
# ./pam-test-harness -s sshd -a -u youruser

Caveat: it does not implement an "echo off" so it will echo any passwords to the
tty.  Remove anything sensitive before sending (and beware of shoulder-surfers :-)

If neither of the above is the case then I'm out of options and we'll wait for
the debug output.


