Solved: ACS 5.x " Change Password on Next Login" does not work with SSH

MANSOORQ123 · ‎11-24-2012

Dear Team

As observed ACS 5.x " Change Password on Next Login" Feature does not work with SSH Clients ( tried with X-sheel, Secure CRT, Putty etc...) , however through telnet session to IOS devices, users can change their password on their next login.

1: on ACS 5.x i create a new user & Set " Change password on NExt Login" option.

2: Logged into the device through Telnet & Password can be changed after i authenticate successfully.

however

the same is not happening when i login to the devices through SSH.

is it because of the fact that SSH is encrypted session ?

Because changing password through a telnet session is not accepted in many fanancial organizations as per PCI Standard.

Any response will be highly appreciated.

Thanks

Ahad

vaba · ‎11-28-2012

Hi MANSOORRQ123

You need to use 'Keyboard Interactive' as a first "Authentication" method

Putty 0.62 uses 'Keyboard Interactive' authentication as default.

Here is information about Secure CRT 6.7.2:

Move 'Keyboard Interactive' to the top in the "Authentication" sub-category of SecureCRT's 'Options / Session Options / Connection / SSH2' category

View solution in original post

vaba · ‎11-28-2012

Hi MANSOORRQ123

You need to use 'Keyboard Interactive' as a first "Authentication" method

Putty 0.62 uses 'Keyboard Interactive' authentication as default.

Here is information about Secure CRT 6.7.2:

Move 'Keyboard Interactive' to the top in the "Authentication" sub-category of SecureCRT's 'Options / Session Options / Connection / SSH2' category

MANSOORQ123 · ‎11-29-2012

Hi VABA

Thanks a lot for your help.

Kind Regards

Ahad

ACS 5.x " Change Password on Next Login" does not work with SSH Clients