https://bugzilla.mindrot.org/show_bug.cgi?id=3576
Bug ID: 3576 Summary: The sftp-server does not provide the feature of changing expired passwords, which is provided by the sshd. Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: security Priority: P5 Component: sftp-server Assignee: unassigned-b...@mindrot.org Reporter: rmsh1...@163.com Hi! When I try to ssh into an account with an expired password, I'm reminded and can change the password, as shown below, ``` # ssh user@ipaddress Authorized users only. All activities may be monitored and reported. user@ipaddress's password: You are required to change your password immediately (administrator enforced). Authorized users only. All activities may be monitored and reported. WARNING: Your password has expired. You must change your password now and login again! Changing password for user user. Changing password for user. Current password: ``` But when I log in using sftp, I'm not prompted to change the password, but just disconnect. ``` # sftp user@ipaddress Authorized users only. All activities may be monitored and reported. user@ipaddress's password: You are required to change your password immediately (administrator enforced). subsystem request failed on channel 0 Connection closed ``` I have some doubts about this, if sftp-server is designed like this, please let me know the reason. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs