This article introduces some typical password changer failures with SSH Server, and how to debug it.
FortiPAM, Target SSH Server.
1) Typical failure reasons:
- The corresponding password-changing procedure is different with SSH Server. When this scenario happens, PAM GUI shows the error 'Not matching as step [x]'.
- Failed to connect with SSH Server. When this scenario happens, PAM GUI shows the error 'Connection Failure'.
- Username and password/key are incorrect with SSH Server. When this scenario happens, PAM GUI shows the error 'LIBSSH2_ERROR_Authentication_Failed'.
- The New Password generated by PAM does not meet SSH Server requirements. When this scenario happens, PAM can show different errors: 'Not matching as step [x]' or 'LIBSSH2_ERROR_Authentication_Failed'.
2) How to debug Password Changer Failure:
- Using debug command to debug password changing :
# diag debug en
# diag wad debug enable category pwdchg
# diag wad debug enable level verbose
After the debug finishes, run the command 'diag wad debug clear'.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.