Password Change with SFTP

0 votes
asked Jul 20, 2012 by Gary Bartlett (120 points)
edited Jul 30, 2012

Greetings,

Is it possible to recognize a required password change and change the password for a user on an SFTP connection.

When I attempt this in FileZilla, I get an error back as follows:

Server sent an additional login prompt. You need to use the interactive login type.

If I use the interactive login type, then FileZilla will prompt me for the old and new passwords.

I see that RebEx supports a callback for SshAuthenticationRequestEventHandler - is this something I can use to accomplish this ?

Thanks,

Gary Bartlett

2 Answers

0 votes
answered Jul 20, 2012 by Jan Sotola (16,540 points)
edited Jul 22, 2012

Yes, the Sftp.AuthenticationRequest event is intended just for such situations. A hadler of this event obtains SshAuthenticationRequestEventArgs and the event args can be used for:

  • displaying information to user
  • gathering required data from user and passing them back to the SFTP component

Processing of this event is implemented in the SFTP WinForm sample. Please open this sample project from the installation of Rebex components on your computer. You can try to connect to your server using this sample SFTP client. And you can also look into the code how the Sftp.AuthenticationRequest event is implemented.

commented Jul 22, 2012 by Gary Bartlett (120 points)
edited Jul 22, 2012

Unfortunately this is not working for me.

Using the SFTP WinForm sample, the following exceptions is thrown when I need to change the password, and the Handler is not invoked. Are there any other options to accomplish this ?

FileZilla prompts when running in interactive mode, so there must be a way to do it.

10:33:17.598 Error SSH: Rebex.Net.SshException: The user must change the password first. at Rebex.Net.SshSession.VXRf6(String , String , Boolean )

commented Jul 22, 2012 by Jan Sotola (16,540 points)
edited Jul 22, 2012

Would it be possible to send us an anonymized log from Filezila? You may send it by e-mail to support@rebex.net.

commented Jul 22, 2012 by Gary Bartlett (120 points)
edited Jul 22, 2012

Thanks for the quick response, I can send what displays in the main window, but other than that I am not sure if there is any way to have FileZilla generate a log.

Also, I turned on verbose logging with RebEx and this is the message being returned from the sever.

10:45:57.343 Verbose SSH: Received packet SSH_MSG_USERAUTH_60 (29 bytes).
 0000 |3C-00-00-00-14-4D-32-20 43-68-61-6E-67-65-20-50| <....M2 Change P
 0010 |61-73-73-77-6F-72-64-21 0A-00-00-00-00         | assword!.....
commented Jul 22, 2012 by Jan Sotola (16,540 points)
edited Jul 22, 2012

As a "FileZilla log" I meant just what is displayed in the main window, sorry for being inaccurate.

Anyway, for today I'm just gathering information from you, a final answer have to be consulted with my colleague on Monday.

commented Jul 22, 2012 by Gary Bartlett (120 points)
edited Jul 22, 2012

Just sent the log, let me know if you don't get it.

Thanks,

Gary Bartlett

+1 vote
answered Jul 30, 2012 by Lukas Pokorny (92,870 points)
edited Jul 30, 2012

After a bit of research with Gary Bartlett's help, it turned out the server is not actually using "internative" authentication, which means that Sftp.AuthenticationRequest is not the way to change the password.

The following code can be used instead:

        Sftp sftp = new Sftp();
        sftp.Connect(serverName, port);
        try
        {
            sftp.Login(userName, password);
        }
        catch (SftpException error)
        {
            SshException sshError = error.InnerException as SshException;
            if (sshError == null || sshError.Status != SshExceptionStatus.PasswordChangeRequired)
                throw;

            SshPasswordChangeResult result = sftp.Session.ChangePassword(userName, password, newPassword);
            switch (result)
            {
                case SshPasswordChangeResult.ChangedButNotAuthenticated:
                    sftp.Session.Authenticate(userName, newPassword);
                    break;
                case SshPasswordChangeResult.Success:
                    break;
                case SshPasswordChangeResult.Failure:
                    throw new ApplicationException("Unable to change password");
            }
            sftp.Disconnect();

            password = newPassword;
            sftp.Connect(serverName, port);
            sftp.Login(userName, password);
        }
...