SSH connection: identify where user password has expired.

0 votes
asked Nov 29 by andy.trayler (130 points)

Using REBEX .NET:

When connection to a nix box using an account where the password has expired, I was hoping that the exception raised would identify the (exception) status as having an enumerated value of *SshExceptionStatus.PasswordChangeRequired. However it seems to have a SshExceptionStatus.ConnectionClosed status.

As this route to identify that a password has expired doesn't seem to be supported, I went looking for another method.

I noticed in the SSH protocol exchange that the SSH2MSGUSERAUTH_BANNER has a string that identifies the account has expired. Is it possible to access this data through the REBEX interface?

1 Answer

+1 vote
answered Nov 29 by Lukas Matyska (47,950 points)

An exception with the SshExceptionStatus.PasswordChangeRequired is raised only in case the SSH server sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ packet to the client.

Determining SshExceptionStatus.PasswordChangeRequired from banner is not supported.

To read content of the banner received from the server, please use the BannerReceived event.

If you send us verbose communication log to support@rebex.net, we can analyze the server behavior and give you some suggestion. The log can be created like this:

client.LogWriter = new Rebex.FileLogWriter("c:/data/ssh.log", Rebex.LogLevel.Verbose);
commented Nov 29 by andy.trayler (130 points)
Thanks for the update - I will do some investigation on the BannerReceived event to see if I can apply an logic  to this data.....
commented 2 days ago by andy.trayler (130 points)
Just wanted to confirm that this answer provided me with the means to identify a Change Password Banner using the bannerReceived event to catch appropriate text.
commented 2 days ago by Lukas Matyska (47,950 points)
Yes, the banner received from the SFTP server can be read using the BannerReceived event (see documentation page http://help.rebex.net/##RebexTotalPack.chm/Html/E_Rebex_Net_Sftp_BannerReceived.htm)

However, if you send us Verbose log as mentioned above, we can analyze server behavior and suggest you the best way to be notified about password change requests.
...