Connection terminates just after changing the password for user whose password was expired.

MAYANK SHARMA mayank.fit2010 at gmail.com
Fri Jun 15 20:25:19 AEST 2018


Hi,

I am using OpenSSH 7.5 on the AIX platform and I was testing it against
the user's password-expired functionality.
Normally, when the password is expired and I telnet, it prompts for a
password change and at the same time the user is allowed to log in
successfully.
But when I try the same with ssh, it prompts me for a password change and
after changing the password, the connection terminates.

Recreation steps -
-------------------------
1. Create any user and set the password of that user as the root user.
2. Run the following command: ssh user@localhost
3. It will prompt for the password. Give the password appropriately.
4. You will see the connection terminate just after giving the password, as
shown below -

# ssh tstuser@localhost
tstuser@localhost's password:
[compat]: 3004-610 You are required to change your password.
        Please choose a new one.
*******************************************************************************
*                                                                             *
*                                                                             *
*  Welcome to AIX Version 7.1!                                                *
*                                                                             *
*                                                                             *
*  Please see the README file in /usr/lpp/bos for information pertinent to    *
*  this release of the AIX Operating System.                                  *
*                                                                             *
*                                                                             *
*******************************************************************************
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for "tstuser"
tstuser's Old password:
tstuser's New password:
Enter the new password again:
Connection to localhost closed.



I went through the source code and came to know that in the file
"session.c" there is a function "do_pwchange", which includes "exit(1)"
just after the password change.


static void
do_pwchange(Session *s)
{
	fflush(NULL);
	fprintf(stderr, "WARNING: Your password has expired.\n");
	if (s->ttyfd != -1) {
		fprintf(stderr,
		    "You must change your password now and login again!\n");
#ifdef WITH_SELINUX
		setexeccon(NULL);
#endif
#ifdef PASSWD_NEEDS_USERNAME
		execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
		    (char *)NULL);
#else
		execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
#endif
		perror("passwd");
	} else {
		fprintf(stderr,
		    "Password change required but no TTY available.\n");
	}
	exit(1);
}



Therefore, I want to know why "exit(1)" is placed just after the password
change and why the user is not allowed to log in at the same time as he
changes the password.

-- 
*Thanks & Regards :*
*Mayank Sharma *
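
Added example (not part of the original message and not OpenSSH code): execl() replaces the calling process when it succeeds, so in the quoted do_pwchange() the perror() and exit(1) lines run only if passwd could not be started or no TTY was available; the session's process has become passwd, and the connection closes when passwd exits. The helper name run_like_pwchange and the path /nonexistent/passwd are hypothetical, and /bin/sh stands in for the passwd program.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/*
 * Hypothetical helper: run `prog -c script` in a child with the same
 * execl()/perror()/exit(1) shape as do_pwchange(), and return the child's
 * exit status (-1 on fork/wait failure).
 */
static int
run_like_pwchange(const char *prog, const char *script)
{
	pid_t pid;
	int status;

	fflush(NULL);
	pid = fork();
	if (pid == -1)
		return -1;
	if (pid == 0) {
		/* On success execl() never returns: the child becomes prog. */
		execl(prog, "sh", "-c", script, (char *)NULL);
		/* Only reached when execl() itself failed. */
		perror(prog);
		exit(1);
	}
	if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

int
main(void)
{
	/* exec succeeds: the status is the program's own, not exit(1). */
	printf("exec ok:     %d\n", run_like_pwchange("/bin/sh", "exit 7"));
	/* exec fails (constructed, nonexistent path): exit(1) is reached. */
	printf("exec failed: %d\n",
	    run_like_pwchange("/nonexistent/passwd", "exit 7"));
	return 0;
}
```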


More information about the openssh-unix-dev mailing list