[ale] Is there a limit on password length or characters for OUTBOUND sftp when receding a "password" prompt?

Jim Kinney jim.kinney at gmail.com
Thu Apr 20 14:17:25 EDT 2017


On Thu, 2017-04-20 at 17:46 +0000, Lightner, Jeffrey wrote:
> Note I am NOT asking generic “is there a limit to password size” nor
> am I asking how to configure the remote sftp server (because I
> can’t).
> 
>  
> 
> I AM asking specifically if the sftp COMMAND (not the daemon) that
> runs on some flavors of Linux has a size limit to what it will pass
> to the remote side or possibly won’t pass the “-“ character for some
> reason?
> 
>  
> 
> Also please don’t tell me RHEL5 is end of support as I already know
> that.   My question is about RHEL6 so I am only noting I also see the
> issue on RHEL5 but not RHEL7.
> 
>  
> 
> Background to the question:
> 
> We are attempting to do sftp login to a remote site from our local
> RHEL servers.   We are connecting successfully but on entering
> password (either by typing it or doing a cut and paste) the password
> is being rejected.  
> 
> 
>  
> 
> This is only occurring when we do sftp from RHEL6 (and RHEL5) but on
> testing from a RHEL7 server it is working.   This suggest the sftp
> command itself (not the demon) on RHEL6 (and RHEL5) is doing
> something different than it does on RHEL7.  
> 
> 
>  
> 
> The password being sent is 30+ character and contains "-"
> characters.  Hence I’m asking is there any length limit or special
> character limit sftp command on RHEL6 (and RHEL5) has that RHEL7
> doesn't?  

SFTP may not like '!' characters prior to RHEL7. I've run into issues
with terminal being in a funky codepage mode and 'export LC=C' fixed
many things (fuzzy memory of weird setup in RHEL6 that was fixed in
RHEL7). I've not seen anything that suggests the sftp command has a
password limit below the line limit for the shell.
>  
> On looking for such a limit the only thing I found even remotely like
> this was bug fix for Cisco where someone ran into a limit of 15/16
> characters for password (but even that may  have been the daemon on
> the server [switch] rather than
>  the command initiating the connection) but it has scant details.
>  
> I’ve opened a case with RedHat and am waiting to hear back but
> figured I’d see if anyone in the community has run into it.
>  
> Please don’t make suggestions regarding changing the password length
> or other settings on the remote side as I have no direct access to
> make such changes and don’t feel they’d be willing to make any as
> they deem this setup secure.
>  
>  
> 
> 
> 
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or
> confidential information and is for the sole use of the intended
> recipient(s). If you are not the intended recipient, any disclosure,
> copying, distribution, or use of the contents of this information
>  is prohibited and may be unlawful. If you have received this
> electronic transmission in error, please reply immediately to the
> sender that you have received the message in error, and delete it.
> Thank you
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20170420/5e2780bb/attachment.html>


More information about the Ale mailing list