password aging problem with ssh protocol 2

Amulya Parthasarathy amulyap at
Thu Aug 29 05:43:50 EST 2002

I an running this on SunOS  5.8 Generic_108528-12 sun4u sparc
SUNW,Ultra-Enterprise. My configuration for sshd_config look like this.

Port 22
Protocol 2,1
HostKey /usr/local/etc/ssh_host_key
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility LOCAL7
LogLevel INFO
LoginGraceTime 600
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
RhostsAuthentication no
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
KeepAlive yes
Banner /etc/issue
Subsystem       sftp    /usr/local/libexec/sftp-server


-----Original Message-----
From: Scott Burch [mailto:scott.burch at]
Sent: Wednesday, August 28, 2002 12:22 PM
To: Amulya Parthasarathy
Cc: openssh-unix-dev at
Subject: Re: password aging problem with ssh protocol 2


This will only work on Solaris 8 with the version of OpenSSH you are 
running. Password aging will only work on Solaris 2.6 with current 
snapshots if you are not using privilege separation. If you are using 
privilege separation on the current release or snapshots I don't believe

password aging works with any version of Solaris. Someone can correct me

if I'm wrong. The main problem is that PAM on Linux and other open 
source operating systems has diverged substantially from PAM on Solaris 
(where it originated)...most PAM operations on Solaris need to run as 
root ...there was some discussion about this some time ago. I don't know

if anyone is currently working on code to resolve these issues.


Amulya Parthasarathy wrote:

>I'm using openssh3.1p1 and I'm having some problem with password aging
>with ssh protocol 2. Every time a password expires and I try to login I
>get the following message 
>ssh username at hostname
>username at hostname's password: 
>Warning: Your password has expired, please change it now
>Enter login password: 
>removing root credentials would break the rpc services that
>use secure rpc on this host!
>root may use keylogout -f to do this (at your own risk)!
>Connection to hostname closed by remote host.
>Connection to hostname closed.
>But when ssh into the same server using ssh -1 username at hostname it
>works just fine.
>ssh -1 username at hostname
>username at hostname's password: 
>Warning: Your password has expired, please change it now
>Enter login password: 
>New password: 
>Re-enter new password: 
>sshd (SYSTEM): passwd successfully changed for username
>Last login: Wed Aug 28 11:27:17 2002 from
>Can anybody help me how to get this working for protocol 2.
>openssh-unix-dev at mailing list

More information about the openssh-unix-dev mailing list