HP-UX & Putty Log-In Prompt Problem - SSH

This is a discussion on HP-UX & Putty Log-In Prompt Problem - SSH ; Using HP-UX 11.11 and OpenSSH, a user accessing the server via Putty 5.7. When their UNIX password has expired, they get an incomplete prompt at their terminal. Intead of the message "Changing Password for USER-ID Old password:", they get "Changing ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: HP-UX & Putty Log-In Prompt Problem

  1. HP-UX & Putty Log-In Prompt Problem

    Using HP-UX 11.11 and OpenSSH, a user accessing the server via Putty
    5.7. When their UNIX password has expired, they get an incomplete
    prompt at their terminal. Intead of the message "Changing Password for
    USER-ID Old password:", they get "Changing password f".

    The prompt stops at the letter f, but they can still enter their old
    password and complete the password change process.

    Has anyone seen this or knows how to correct it?


  2. Re: HP-UX & Putty Log-In Prompt Problem

    robert.hursch@lmco.com writes:
    >Using HP-UX 11.11 and OpenSSH, a user accessing the server via Putty
    >5.7. When their UNIX password has expired, they get an incomplete
    >prompt at their terminal. Intead of the message "Changing Password for
    >USER-ID Old password:", they get "Changing password f".
    >
    >The prompt stops at the letter f, but they can still enter their old
    >password and complete the password change process.


    This sounds like a problem report we had a while ago. Our correspondent
    was using SSH-2 and "keyboard-interactive" authentication, and OpenSSH
    on HP/UX was stuffing huge amounts of stuff into the prompt string
    ("last successful login", etc) (which RFC4256 says you shouldn't do,
    grumble); PuTTY had a fixed-length buffer for the prompt, so truncated
    it. At the time, we bumped the maximum prompt length from 200 to 512
    bytes, and added an explicit indication of a truncated prompt. (This
    went into 0.56.)

    However, it looks like we didn't make any equivalent change to the SSH-1
    equivalent of "keyboard-interactive" (TIS/CryptoCard), so if you're
    using SSH-1 (which you can tell from PuTTY's Event Log) and the server
    is sending a long prompt in this way, you may very well see the symptoms
    you describe, even with modern PuTTY (up to 0.58).

    The current development snapshots of PuTTY do not have these arbitrary
    restrictions on prompt length, so this issue shouldn't occur. Try them?

  3. Re: HP-UX & Putty Log-In Prompt Problem

    On 2006-03-28, Jacob Nevins wrote:
    > This sounds like a problem report we had a while ago. Our correspondent
    > was using SSH-2 and "keyboard-interactive" authentication, and OpenSSH
    > on HP/UX was stuffing huge amounts of stuff into the prompt string
    > ("last successful login", etc) (which RFC4256 says you shouldn't do,
    > grumble)


    Yeah, we should change that.

    It's the way it is because the same PAM conversation function is used for
    both SSHv1 and SSHv2, but v2 has a lot more flexibility about sending back
    that kind of info (eg the "instruction" field in the keyboard-interactive
    packet or separate Banner packet).

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

+ Reply to Thread