Discuss this help topic in SecureBlackbox Forum

Request password change

A user may request the SSH server to change their server-side password during their SSH handshake.

Before connecting, set RequestPasswordChange property to true. Note that this should be set in addition to any other authentication settings the user normally uses with the server - e.g. their Username and Password values must be set as normal.

Besides, hang on the OnPasswordChangeRequest event. This event will be called when the component needs a new password from the user, normally after the user has been authenticated via its existing password.

Inside the event handler you are supposed to display the string passed via Prompt parameter to the user and ask them to provide a new password. This is a message originating from the server that asks the user for their new password and possibly instructs on certain password limitations in place (minimal length, allowed characters etc.). Having received the password, pass it back to the component via the NewPassword property. If the user changed their mind about changing the password, set Cancel to true instead.

Note that it is your responsibility that the user has provided the password safely and securely. For example, it makes sense to ask for the password twice to confirm its correctness.

If you received no errors on this stage, the password was changed successfully.

Described is a native method offered by SSH protocol. Note that there are different ways for the user to change their password on the server side (e.g. by calling passwd command via the shell channel). This method however doesn't depend on shell and can be used even when no shell is available via the SSH channel.

How To articles about SSH client

Discuss this help topic in SecureBlackbox Forum