OpenSSH User Password Change

Posted on 2006-05-22
Last Modified: 2012-06-21
In OpenSSh, how are user account passwords changed?  I am running it on Windows Server 2003.
Question by:glbt
    LVL 34

    Accepted Solution

    OpenSSH doesn't store user passwords or provide its own authentication mechanism. It uses whatever identity store is  provided by the host computer/OS. Passwords are changed using whatever tools/methods are appropriate to that identity store.

    Author Comment


    Thank your for the quick answer.  So, to clarify my understanding of your reply, since I am running OpenSSH on a Windows based server and the user account is local to that server (not a domain account), when I change the user account password on the local server, there is no internal OpenSSH identity store, i.e., the local SAM.  Thus, OpenSSH uses user account context of the local server or domain.

    This leads me to ask:  What is the function of the mkpasswd program which creates the passwd file?


    LVL 34

    Expert Comment

    As I understand OpenSSH under Windoze, it operates under the Cygwin shell environment. "mkpasswd" reads the local SAM and created an /etc/passwd for sshd to use for authentication.

    Within a Cygwin shell, see --> man mkpasswd

    Also, as I understand it, this is a static extract. That is, you run mkpasswd, it builds /etc/passwd, and the created file has the credentials of the users in the state they existed at the time mkpasswd was run. From what I can discern from the documentation I'm reading, if a user's password changes, mkpasswd must be re-run to re-extract the credentials from the SAM database.

    The docs do note the importance of making sure that the sshd service is running under an account that can read and/or write to the proper files, such as /etc/passed, /var/log/sshd.log, your ~/.ssh directory, and the host keys in /etc.

    Author Comment

    Thank you very much.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
    I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension ( This reminded me of questions tha…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now