Forums

SSH won't log in after password change

I changed my password and now when I push to server, the SSH won't let me in.

<<<<<<:>~ PythonAnywhere SSH. Help @ https://www.pythonanywhere.com/help/#id_ssh 
evilkillerfiggin@ssh.pythonanywhere.com's password: 
Permission denied, please try again.

It's quite urgent, as I have a hotfix waiting to be deployed.

My account on PythonAnywhere seems content to let me keep changing the password, so I changed it back to what it was on the off chance that would help, but no dice.

Beloved premium user evilkillerfiggin | 72 posts | Sept. 10, 2013, 11:11 a.m. | permalink

That's really strange -- they both use the same password database. What happens if you try to log in to the PythonAnywhere website from an incognito window?

Staff giles | 11788 posts | PythonAnywhere staff | Sept. 10, 2013, 1:57 p.m. | permalink

Just logged in while Incognito and it worked fine.

Then retried the ssh one more time and that worked too.

I'd still like to change my password, but I'm not sure I dare to at the moment.

Beloved premium user evilkillerfiggin | 72 posts | Sept. 10, 2013, 2:34 p.m. | permalink

Curiouser and curiouser. Perhaps it's worth trying again once you have your hotfix live and things are less urgent? If the worst comes to the worst, then you can always reset the password -- and we're only an email away if things go wrong.

Staff giles | 11788 posts | PythonAnywhere staff | Sept. 10, 2013, 3:14 p.m. | permalink

Right, tried it again:

-changed PA password

-ssh in : won't work, permission denied

-log in to PA from Incognito

-ssh in : works fine

What seems to happen is that the ssh locks me out the moment I change the PA password, but then when I log in to PA again it wakes up and fixes itself for some reason.

Beloved premium user evilkillerfiggin | 72 posts | Sept. 10, 2013, 3:58 p.m. | permalink

That's definitely weird, and is a bug. I'll log it as such and mark it high priority.

In case it's of interest, here's what I think is happening:

  • When you register, we store a hash of your password in the user database in a particular format. This is compatible with the middleware we use to handle ssh logins.
  • When you log in, we check the format of the password hash in the database, and if it's not in an ssh-compatible format, we overwrite it with one that's in the correct format. This is done because when we introduced ssh logins, we had to change the hash format.
  • When you change your password, some old code is triggered which still uses the old format.

So, when you change your password we store it in the wrong format, which breaks ssh, until you log in through the web interface, which forces an update to the correct format.

Definitely a bug. Thanks for uncovering it, and sorry for the inconvenience!

Staff giles | 11788 posts | PythonAnywhere staff | Sept. 10, 2013, 4:16 p.m. | permalink

Glad to help. Obviously either none of your users use ssh, or no one bothers to change their password.

Beloved premium user evilkillerfiggin | 72 posts | Sept. 10, 2013, 4:30 p.m. | permalink

Quite a lot of people seem to use ssh, so I guess it must just be that people don't change their passwords very often. Tsk tsk.

Staff giles | 11788 posts | PythonAnywhere staff | Sept. 10, 2013, 5:45 p.m. | permalink