[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 749
  • Last Modified:

OpenSSH User Password Change

In OpenSSh, how are user account passwords changed?  I am running it on Windows Server 2003.
0
glbt
Asked:
glbt
  • 2
  • 2
1 Solution
 
PsiCopCommented:
OpenSSH doesn't store user passwords or provide its own authentication mechanism. It uses whatever identity store is  provided by the host computer/OS. Passwords are changed using whatever tools/methods are appropriate to that identity store.
0
 
glbtAuthor Commented:
PsiCop,

Thank your for the quick answer.  So, to clarify my understanding of your reply, since I am running OpenSSH on a Windows based server and the user account is local to that server (not a domain account), when I change the user account password on the local server, there is no internal OpenSSH identity store, i.e., the local SAM.  Thus, OpenSSH uses user account context of the local server or domain.

This leads me to ask:  What is the function of the mkpasswd program which creates the passwd file?

Thanks,

glbt
0
 
PsiCopCommented:
As I understand OpenSSH under Windoze, it operates under the Cygwin shell environment. "mkpasswd" reads the local SAM and created an /etc/passwd for sshd to use for authentication.

Within a Cygwin shell, see --> man mkpasswd

Also, as I understand it, this is a static extract. That is, you run mkpasswd, it builds /etc/passwd, and the created file has the credentials of the users in the state they existed at the time mkpasswd was run. From what I can discern from the documentation I'm reading, if a user's password changes, mkpasswd must be re-run to re-extract the credentials from the SAM database.

The docs do note the importance of making sure that the sshd service is running under an account that can read and/or write to the proper files, such as /etc/passed, /var/log/sshd.log, your ~/.ssh directory, and the host keys in /etc.
0
 
glbtAuthor Commented:
Thank you very much.

glbt
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now