> > On Thursdayen den 1 August 2002 13.02, Borsenkow Andrej wrote: > > > On Thursdayen den 1 August 2002 10.03, Borsenkow Andrej wrote: > > > > 20020426 > > > > - (djm) Disable PAM password expiry until a complete fix for bug > > > > #188 > > > > > > exists > > > > > > > > disable where? > > > > > > Disable privsep is another way to do it. > > > > that means that sshd in default installation has large bug. If privsep > > results in complete user lockout, then _PLEASE_ disable it by default. > > True, and this has been discussed earlier IIRC. >
Unfortunately disabling privsep still does not wotk. Now it fails differently but still fails, at lest when using the same openssh client version. May be there is something else that must be changed? bor@cooker% ssh iap-pxy-mow1 Enter passphrase for key '/home/bor/.ssh/id_rsa': Enter passphrase for key '/home/bor/.ssh/id_dsa': bor@iap-pxy-mow1's password: Permission denied, please try again. bor@iap-pxy-mow1's password: Received disconnect from x.x.x.x: 2: Too many authentication failures for bor And on server host: Aug 1 15:56:31 iap-pxy-mow1 sshd[8282]: Could not reverse map address x.x.x.x. Aug 1 15:56:31 iap-pxy-mow1 sshd(pam_unix)[8282]: account bor has expired (failed to change password) Aug 1 15:56:31 iap-pxy-mow1 sshd[8282]: PAM rejected by account configuration[13]: User account has expired Aug 1 15:56:31 iap-pxy-mow1 sshd(pam_unix)[8282]: account bor has expired (failed to change password) Aug 1 15:56:31 iap-pxy-mow1 sshd[8282]: PAM rejected by account configuration[13]: User account has expired Aug 1 15:56:31 iap-pxy-mow1 sshd[8282]: Postponed publickey for bor from x.x.x.x port 1061 ssh2 Aug 1 15:56:33 iap-pxy-mow1 sshd(pam_unix)[8282]: account bor has expired (failed to change password) Aug 1 15:56:33 iap-pxy-mow1 sshd[8282]: PAM rejected by account configuration[13]: User account has expired Aug 1 15:56:33 iap-pxy-mow1 sshd[8282]: Failed publickey for bor from x.x.x.x port 1061 ssh2 Aug 1 15:56:33 iap-pxy-mow1 sshd[8282]: Postponed publickey for bor from x.x.x.x port 1061 ssh2 Aug 1 15:56:35 iap-pxy-mow1 sshd(pam_unix)[8282]: account bor has expired (failed to change password) Aug 1 15:56:35 iap-pxy-mow1 sshd[8282]: PAM rejected by account configuration[13]: User account has expired Aug 1 15:56:35 iap-pxy-mow1 sshd[8282]: Failed publickey for bor from x.x.x.x port 1061 ssh2 Aug 1 15:56:35 iap-pxy-mow1 sshd[8282]: Failed keyboard-interactive for bor from x.x.x.x port 1061 ssh2 Aug 1 15:56:37 iap-pxy-mow1 sshd(pam_unix)[8282]: account bor has expired (failed to change password) Aug 1 15:56:37 iap-pxy-mow1 sshd[8282]: PAM rejected by account configuration[13]: User account has expired Aug 1 15:56:37 iap-pxy-mow1 sshd[8282]: Failed password for bor from x.x.x.x port 1061 ssh2 Aug 1 15:56:39 iap-pxy-mow1 sshd(pam_unix)[8282]: account bor has expired (failed to change password) Aug 1 15:56:39 iap-pxy-mow1 sshd[8282]: PAM rejected by account configuration[13]: User account has expired Aug 1 15:56:39 iap-pxy-mow1 sshd[8282]: Failed password for bor from x.x.x.x port 1061 ssh2 Aug 1 15:56:39 iap-pxy-mow1 sshd[8282]: Disconnecting: Too many authentication failures for bor