Skip to Main Content
SSH, The Secure Shell: The Definitive Guide, 2nd Edition
book

SSH, The Secure Shell: The Definitive Guide, 2nd Edition

by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
May 2005
Intermediate to advanced content levelIntermediate to advanced
666 pages
21h 5m
English
O'Reilly Media, Inc.
Book available
Content preview from SSH, The Secure Shell: The Definitive Guide, 2nd Edition

Tectia Plugins

The Tectia server can use external programs, known as plugins , for flexible handling of tasks like changing passwords [5.4.2.3], driving the process for keyboard-interactive authentication [5.4.5.2], or performing arbitrary checks for access control. [5.5.6] We’ll demonstrate how to use plugins with several examples:

  • Handling expired passwords

  • Extending keyboard-interactive authentication

  • Authorization

11.7.1 A Plugin for Changing Expired Passwords

Remember our discussion of expired passwords in Chapter 5? [5.4.2.3] We showed how Tectia’s SSH server can detect an expired password at authentication time, and prompt the user to change it:

    $ ssh server.example.com
    rebecca's password: < ... old, expired password ... >
    Authentication successful.
    < ... the following output is from running the passwd forced command ... >
    Changing password for user rebecca.

    Changing password for rebecca
    (current) UNIX password: < ... old, expired password, again ... >
    New password: < ... new password ... >
    Retype new password: < ... new password, again ... >
    passwd: all authentication tokens updated successfully.
    Connection to server.example.com closed.

The SSH server accomplishes this by calling either the system password-change program (e.g., passwd) or an alternative program specified by the PasswdPath configuration keyword. This technique, which is the default, uses a forced command to change the password. This method is conceptually simple but has several drawbacks:

  • No explicit indication ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Mastering Linux Security and Hardening - Third Edition

Mastering Linux Security and Hardening - Third Edition

Donald A. Tevault
Network Security with OpenSSL

Network Security with OpenSSL

John Viega, Matt Messier, Pravir Chandra

Publisher Resources

ISBN: 0596008953Errata Page