On 22 Sep, Kyu Lee wrote:
> I've just installed ssh-1.2.27, sshd on HPUX 10.20, and test ssh on
> Digital UNIX V4.0E (Rev. 1091).
>
> When I age the password (that is to force expiration) on the server, I
> cannot login to the server with rlogin or login. That is expected.
>
> However, I can still ssh to the server from a client to a user ID that is
> disabled. This is not what I expected.
>
Here are the results of some tests I conducted some time ago with ssh
1.2.26 and ssh 2.0.12 under HP/UX 10.01 and Digital Unix 4.0D, both
running in enhanced security mode. The table shows a number of
conditions that can lead to denying access to the system (i.e. account
locking), and if they are checked or not when logging in with ssh
instead of telnet/rlogin.

HP/UX 10.01
===========

Checked?                    2.0.12    1.2.26
--------                    ------    ------
Password lifetime           No        Yes
Max. failed logins          No        Yes
Expiration date             No        Yes
Manual locking              No        Yes
Time-of-day restrictions    No        No

Note that "configure" identifies enhanced security mode only if
running as root.

Digital Unix 4.0D
=================

Checked?                    2.0.12    1.2.26
--------                    ------    ------
Password lifetime           No        Yes (*)
Max. failed logins          No        No
Expiration date             No        No
Manual locking              Yes       Yes

(*) When the password lifetime has expired, the user is prompted for
his old password (like in a password change request) but he's not
allowed to change it, and he's not allowed to log into the system.

Also, from the 2.0.13 README:

KNOWN BUGS
==========

[snip]

* With C2 security package, all the C2 characteristics are not
  properly used.

--
----------------------------------------------------------------------
Marina Buitrago Bravo            Area de Seguridad Informática
mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
http://www.cica.es/seguridad/
Centro de Informática Científica de Andalucía (CICA)
----------------------------------------------------------------------