[Bug 1904] New: sshd refuses certificate-based authentication if password has expired

bugzilla-daemon at bugzilla.mindrot.org
Thu May 12 05:37:49 EST 2011


           Summary: sshd refuses certificate-based authentication if
                    password has expired
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: meta at pobox.com

WARNING: Your password has expired.
Password change required but no TTY available.
rsync: connection unexpectedly closed (0 bytes received so far)

The problem: No password was being used.

I contend that certificate-based authentication should still be allowed
if the password has expired.

The fact that a password has expired does not mean that the account has
been compromised and that RSA keys should not be trusted; it simply
means that the aged password should not be used any more. Locking out
an authorized key because a password has expired makes about as much
sense to me as locking out every other key in authorized_keys because
one of them is revoked.
