PuTTY semi-bug ssh2-password-expiry

PuTTY semi-bug ssh2-password-expiry

This is a mirror. The primary PuTTY web site can be found here.

Home | Licence | FAQ | Docs | Download | Keys | Links
Mirrors | Updates | Feedback | Changes | Wishlist | Team

summary: Support for SSH-2 password expiry mechanisms
class: semi-bug: This might or might not be a bug, depending on your precise definition of what a bug is.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
fixed-in: r6445 2005-11-05 (0.59) (0.60)

PuTTY doesn't currently support the password expiry mechanisms represented in draft-ietf-secsh-userauth-16 by SSH_MSG_USERAUTH_PASSWD_CHANGEREQ et al.

Originally we weren't aware of any SSH servers which sent this message. The following have since come to light:

  • Old versions of the OpenSSH password expiry patches used to use this mechanism, but I believe that newer versions (including the version that was incorporated in OpenSSH 3.8) don't.
  • VanDyke's Windows server, VShell (according to a message on IETF secsh)
  • At least some versions of ssh.com on OpenVMS, e.g.,
    SSH-2.0-3.2.0 SSH Secure Shell OpenVMS V5.5

Update, 2005-11-05: this is now implemented, and partially tested.

Update, 2006-09-06: the UI has been slightly modified to accommodate Cisco servers, which allow a password change to be requested by entering a blank password.

Audit trail for this semi-bug.

If you want to comment on this web site, see the Feedback page.
(last revision of this bug record was at 2006-09-05 23:09:51 +0100)