SSH_MSG_USERAUTH_PASSWD_CHANGEREQ and 3.1.0 F-SECURE SSH - Proces s Software SSH for OpenVMS

Jason McCormick jason at devrandom.org
Fri Jun 18 12:59:12 EST 2004 

> <snip>
> debug1: Remote protocol version 1.99, remote software version 3.1.0
> F-SECURE SSH - Process Software SSH for OpenVMS
> debug1: no match: 3.1.0 F-SECURE SSH - Process Software SSH for
> OpenVMS </snip>

  This is not the latest version of SSH for VMS from Process.  The 
latest version is 3.2.0 for VMS (patchset SSH-062_A044 for Multinet 
v4.4 or SSH_V562P032 for TCPWare 5.6-2, not sure about the stand-alone 
product). Check to make sure your issue is present in the latest 
production release of SSH for VMS.

  Our setups may be different, but I don't get an error like you're 
seeing from an expired password.  I pushed my account to have the 
password expired and then tried to login.  I enter my password and I'm 
immediately prompted by the VMS auth system to change my password as 
its expired.  Here's my ssh -vvv output (based from your output):

debug1: Next authentication method: password
debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: ssh_session2_setup: id 0
debug2: channel 0: request pty-req
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
<....>
debug2: x11_get_proto: /usr/X11R6/bin/xauth 
-f /tmp/ssh-QgmoT18829/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 
untrusted timeout 1200 2>/dev/null
debug2: x11_get_proto: /usr/X11R6/bin/xauth 
-f /tmp/ssh-QgmoT18829/xauthfile list :0.0 . 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req
debug2: channel 0: request shell
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 100000 rmax 16384


Your password has expired; you must set a new password to log in

Old password:


This is the behavior I would expect.  I'm not 100% familiar with the 
section of the draft spec you're talking about, but this is how I would 
be expecting my VMS system to act.

Just for the record:

jason at sith jason $ telnet vmsbox 22
Trying xx.xx.xxx.xx...
Connected to vmsbox.
Escape character is '^]'.
SSH-1.99-3.2.0 F-SECURE SSH - Process Software MultiNet

-- 
Jason McCormick 
jason at devrandom.org
GPG Key ID: 96D6CF63

More information about the openssh-unix-dev mailing list