passwd: Authentication token manipulation error using ssh and public key
I'm using ssh
and public key (saved in my local computer) to connect to a HPC cluster as follows:
$ ssh -i ~/narvi_key/xenial-narvi-key [email protected]
Enter passphrase for key '/home/xenial/narvi_key/xenial-narvi-key':
When I enter my current password, I get the following message about my expired password:
You are required to change your password immediately (password aged)
Last login: Sun Oct 3 23:24:33 2021 from 85-76-116-76-nat.elisa-mobile.fi
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user alijani.
Changing password for alijani.
(current) UNIX password:
So when I type my password to proceed to next stage, I encounter the error:
passwd: Authentication token manipulation error
Connection to narvi.tut.fi closed.
Questions:
- Is the
(current) UNIX password
the same as what I normally use to login usingssh
? - Do I need to generate new public key?
- How do I solve this problem?
Cheers,
Is the (current) UNIX password the same as what I normally use to login using ssh?
Generally sort of yes, but in your specific case – no.
From what you've shown, "what you normally use to log in using SSH" is actually your public key's passphrase – not the same thing.
Instead, the message talks about the password directly associated with the alijani
account on that system, i.e. the one that you'd have to enter if you weren't using a public key.
Do I need to generate new public key?
No. The message has nothing to do with your public key.
How do I solve this problem?
If you originally got a password before setting up public-key (e.g. if it was emailed to you), then try entering it – that's the password you're being asked to change. It won't change you public key's passphrase.
However, I'd suggest talking to the system's administrators. For example, if they gave you only public-key access but didn't issue an actual password, then it could be that they didn't mean to leave password expiry enabled in the first place.
Without knowing how the system was set up internally (e.g. are the accounts central across the institution or are they individual for each server/node) it's not possible to give an answer that will be correct for everyone.