Handling SFTP Password expiration/change

Question

I'd like to handle the password expiration/change process of an SFTP connection. I didn't think there would be any general methods for this, but I had assumed I would at least be able to detect/parse the prompts and send text via low-level SFTP commands. Now that I look/think about SFTP I'm not sure this is possible. In fact, I don't even see how I can send low-level commands, or access the actual text response, at all in the FTPConnection (or derivative) classes. I am using EdtFTPnetPRO version 6.3.0.20.

Does anyone have any advice on this? Particularly if there is an easier method that I haven't been able to find. The more I think about it, the more I wonder if there shouldn't be methods in the API for this.

I am using the .NET libraries for production system, but wanted to show an example (via command-line) of the interaction below.

Thanks,
James Smyth

[user1@nix.domain.com]/dir1/dir2> sftp SOMEUSER@X.Y.Z.W
Connecting to X.Y.Z.W...

Password:
Your password has expired. Choose a new password.
Old Password:
New password:
Re-enter new password:
sftp> quit
[user1@nix.domain.com]/dir1/dir2>

Answer 1

It's certainly possible to do, although it will require some code changes (for us I mean).

It'd be very helpful if you posted the log when using extra debug:

sftp -vvv SOMEUSER@X.Y.Z.W

That would ensure that we can confirm what messages this server is sending you.

Answer 2

It's certainly possible to do, although it will require some code changes (for us I mean).

It'd be very helpful if you posted the log when using extra debug:

sftp -vvv SOMEUSER@X.Y.Z.W

That would ensure that we can confirm what messages this server is sending you.

I don't have the ability to induce a password expiration. I'll try to remember to run w/ the extra debugging next time (maybe a month).

Also, am I correct that there is no way to send or receive text commands via the FTPConnection object?

Answer 3

If the server supports it, you can execute commands on it via SFTP or FTP. See InvokeCommandSSH, InvokeFTPCommand and InvokeSiteCommand

Answer 4

If the server supports it, you can execute commands on it via SFTP or FTP. See InvokeCommandSSH, InvokeFTPCommand and InvokeSiteCommand

And what about being able to parse the response at a comparably low level. For instance, the back and forth of the password expiration/change starts w/ the server sending the "Your password has expired. Choose a new password" text and I would want to be able to detect that. I'm imagining something like GetLastResponse. Thanks, James

Answer 5

If the password has expired, the server should send a SSH_MSG_USERAUTH_PASSWD_CHANGEREQ message to the client.

The best way to deal with this is for us to add a callback that requests the password.

It would be good however to confirm that this is what your server is doing.

Answer 6

If the password has expired, the server should send a SSH_MSG_USERAUTH_PASSWD_CHANGEREQ message to the client.

The best way to deal with this is for us to add a callback that requests the password.

It would be good however to confirm that this is what your server is doing.

Roger. As I mentioned previously, I'll have to wait for this server to expire my password. I'll then capture the detail per your instructions. That will probably be a month from now, so if there's a better place to send that detail, rather than posting it here, let me know. Thanks, James

Answer 7

Yes, please email to support at enterprisedt dot com.