Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Issues connecting when "Further authentication" is prompted

See original GitHub issue

Referencing darkoperator/posh-ssh#443

The author of said project has responded saying SSH.NET does not support further authentication prompts. The server in question requires both a username+key, followed by a prompt for an OTP code.

When using said project: Using PoSH-SSH 3.0.0 does not work for me when the server is setup to accept keys, with a prompt during auth for OTP. Example: auth using “user” with key (empty pass), in PuTTy its seen as:

login as: user
Authenticating with public key "rsa-key...." from agent
Further authentication required
Keyboard-interactive authentication prompts from server:
| OTP Code:

This is how I try to connect, it fails with “New-SSHSession : No suitable method found to complete authentication (keyboard-interactive)”

$key = C:\temp\test.key
$IP = "10.10.10.10"
$cred = Get-Credential
New-SSHSession -Computername $IP -KeyFile $key -Credential $cred

Any thoughts on how I can pass the OTP code for a proper auth? I have the OTP token as a variable. I’ve also tried to set it as the password for the $cred, to no avail.

Issue Analytics

State:
Created 2 years ago
Comments:8

Top GitHub Comments

1reaction

darkoperatorcommented, Jan 27, 2022

Will have to see how I will implement this and not break the curren command parameters and add an option like that, it will require for me to change the parameter sets of the functions, I use user /cred for key so adding keyboard interactive will mean an additional parameter for the OTP code only for one user out of o er 2 million downloads, so will need to plan it out and see how I can test without adding breaking changes.

0reactions

darkoperatorcommented, Jan 27, 2022

Had issues with some users with weird banners where the password was entered before the banner finished showing that is why I do the check.

On Jan 27, 2022, at 11:38 AM, Stefan Rinkes @.***> wrote:

@darkoperator https://github.com/darkoperator I think @TheFlyingCorpse https://github.com/TheFlyingCorpse problem is, he needs pubkey auth and keyboard-interactive. As far i understand the code you linked, Posh-SSH just does one at the same time.

Note: You can add KeyboardInteractiveAuthenticationMethod multiple times, so multiple prompts appear.

This check looks wrong to me. Why should the client test the prompt?

if (prompt.Request.Contains(“Password”) || prompt.Request.Contains(“PASSCODE”) || prompt.Request.Contains(“password”))

— Reply to this email directly, view it on GitHub https://github.com/sshnet/SSH.NET/issues/915#issuecomment-1023344901, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAD7IHXMEGTCMCROL7IHRUDUYFRHTANCNFSM5M5EYZYQ. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you were mentioned.

Top Results From Across the Web

You are intermittently prompted for credentials or ...

This issue occurs when a high volume of NTLM authentication or Kerberos PAC validation transactions (or both) occur on a Windows-based server, and...

A federated user is repeatedly prompted for credentials ...

The symptom indicates an issue with Windows Integrated authentication with AD FS. This issue can occur if one or more of the following ......

Issues logging in with Integrated Authentication in Internet ...

How to solve a common issue when authentication fails in the browsers Internet Explorer or Edge but it works on Chrome.

WiFi prompt for additional credentials

There isn't a Captive Portal or VPN. Connection to the WiFi requires AD username and password to authenticate. The authentication method to the ......

I don't get an authentication prompt for a network share...

Map the required network drive and make sure to click "connect using a different user name". Enter credentials that you know are incorrect....