[Bug 3576] New: The sftp-server does not provide the feature of changing expired passwords, which is provided by the sshd.
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat May 27 13:21:13 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3576
Bug ID: 3576
Summary: The sftp-server does not provide the feature of
changing expired passwords, which is provided by the
sshd.
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sftp-server
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com
Hi!
When I try to ssh into an account with an expired password, I'm
reminded and can change the password, as shown below,
```
# ssh user at ipaddress
Authorized users only. All activities may be monitored and reported.
user at ipaddress's password:
You are required to change your password immediately (administrator
enforced).
Authorized users only. All activities may be monitored and reported.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user.
Changing password for user.
Current password:
```
But when I log in using sftp, I'm not prompted to change the password,
but just disconnect.
```
# sftp user at ipaddress
Authorized users only. All activities may be monitored and reported.
user at ipaddress's password:
You are required to change your password immediately (administrator
enforced).
subsystem request failed on channel 0
Connection closed
```
I have some doubts about this, if sftp-server is designed like this,
please let me know the reason.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list