Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

OCAS TSS

Thanx

I appreciate it.

Kevin
martin

Re: Ahh yes

I'll think about another solution :-)
OCAS TSS

Ahh yes

Well, we've actually investigated this before, but our hosted services are at IBM, and they are on AIX, as well, they have strict rules as to what they will allow on their servers, mainly because they need to keep up their end of the 99.5% uptime guarantee.

It was hard enough to get them to upgrade OPENSSH to allow the SFTP server to utilitze the home folder fix.

I don't particularly like the idea of have a button for using Putty either, but I know for most people they probably won't have any say as to which SSH is running on the server they are connecting to, like us.

Kevin

P.S. please don't feel you have to do this if it goes against your overall goal for WinSCP.
martin

Re: Proposal

OCAS TSS wrote:

I'm proposing that the user decides if they want to use Putty or not to make the connection.

Sorry, I've missed that. Yes, this can be done, if there's no other option. But I would like to see more "standard" solution. What server do you use? OpenSSH? It should support the password change on expiry mechanism as I've noted in the previous post.
OCAS TSS

Proposal

I'm proposing that the user decides if they want to use Putty or not to make the connection.

When WinSCP fails at login, expecially when the password has been saved into the profile, it's 99% of the time expired.

I just wondered if a quick shortcut button could be placed on the same authentication window that pops up, that uses Putty to connect to the same server.

If I can get a passowrd to expire today, I'll send a mock up of what I mean.

I've gone and created a mock up, can I attach files?

I'll email you the image for this post.
martin

Re: Expired password denied login

OCAS TSS wrote:

Would it be possible to have an option of using Putty to connect to the session if WINSCP fails at logon? Maybe a little button that says, use Putty to connect. This would allow the user to connect to the server, at which time it would ask for the current password and then ask them to change it. After that, our system actually logs the user out. They can then use WinSCP to connect with the new password.

AFAIK, there's no way to know that authentication failed because the password expired (appart from the error message).

Just to myself repeat:
For non-interactive clients, SSH provides possibility to change expired password using keyboard-interactive (or similar) authentication. However I do not know how good support for this is in SSH servers.
OCAS TSS

Expired password denied login

Hi Martin,
I have this issue as well, since I have many users who are extremely low on technical knowledge.

They perform very simple tasks.

When their password has expired, they just can't use WINSCP. It keeps asking for a password. Meanwhile their password has actually expired and they must change it.

They then create a trouble ticket for me stating they can't use WinSCP. At which time I have to change their password for them, since they have no idea how to use a client to login and change the password.

Would it be possible to have an option of using Putty to connect to the session if WINSCP fails at logon? Maybe a little button that says, use Putty to connect. This would allow the user to connect to the server, at which time it would ask for the current password and then ask them to change it. After that, our system actually logs the user out. They can then use WinSCP to connect with the new password.

Any chance of that happening??

Please ask me anything for further clarification.

Thank you,
OCAS TSS
martin

Re: Password change required but no TTY available

lohmh wrote:

I also encountered the same error message. Below is the log/error message.

Server sent disconnect message
type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
"Password change required but no TTY available"

Hm. I'm sorry, obviously I cannot do anything with it. See my suggestion about keyboard-interactive autentication.
lohmh

Password change required but no TTY available

I also encountered the same error message. Below is the log/error message.

Server sent disconnect message
type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
"Password change required but no TTY available"

Regards,
lohmh
martin

Re: Password change required but no TTY available

wkfl wrote:

on my SSH server following error message is logged: "Password change required but no TTY available". Is it possible to inform the WinSCP user about this problem during his logging attempt.

Can you provide me log file showing WinSCP trying to connect to account with expired password?

The next step is, that WinSCP offers a tty connection to the server, to change this password.

WinSCP cannot offer TTY, because neither SCP not SFTP can work with it. For non-interactive clients, SSH provides possibility to change expired password using keyboard-interactive (or similar) authentication. However I do not know how good support for this is in SSH servers.
wkfl

Password change required but no TTY available

Hello,

on my SSH server following error message is logged: "Password change required but no TTY available". Is it possible to inform the WinSCP user about this problem during his logging attempt. I know, that WinSCP has no tty. The next step is, that WinSCP offers a tty connection to the server, to change this password.

Thanks in andvance.

wkfl