Go Back   FlashFXP Forums > >

Project: FlashFXP Bug Reports Ticket Tools
ID: 882 Category: Feature Request
Title: Keyboard-interactive override Status: Closed
Severity: Minor Version: 4.3 stable

Junior Member
uriah
06-10-2013, 07:41 PM
Keyboard-interactive override

Some servers use the auth type "Keyboard-interactive" when they're only prompting for the password.

Can you please setup a "Keyboard-interactive" override or another authentication method, which automatically returns the password for keyboard-interactive, instead of prompting.

I have noticed this option becoming more and more prominent on the servers I use and it's extremely annoying having to manually find the password and re-enter it.
FlashFXP Developer
bigstar
06-11-2013, 06:39 AM
Re: Keyboard-interactive override

Hello,

What version/build of FlashFXP are you using?

What is the exact text on the keyboard-interactive prompt?

This text comes from the server and if it matches "password:" then the password is automatically sent without prompting, since you're being prompted then I would suspect that the prompt is something other than "password:"
Junior Member
uriah
06-11-2013, 06:45 AM
Re: Keyboard-interactive override

The message was like "<username> password:"

This is for Cleo SFTP or similar, which is used by a giant company.

I am using the latest build as I updated todat (4.3.1 build 1983 - Stable Release).
FlashFXP Developer
bigstar
06-11-2013, 07:03 AM
Re: Keyboard-interactive override

Can you please try this development build and see if it is able to automatically return the password for you

https://oss.azurewebsites.net/testr/dev-bu...4.3.1.1984.zip

Unzip the flashfxp.exe into your FlashFXP program folder.

The original evaluation code looks for the exact prompt of "password:", I've added a second condition to look for "<username>" and "password:" within the prompt, we need to be as specific as possible to handle cases where the prompt is asking for something other than the typical password.

Please let me know if this resolves the problem.
Junior Member
uriah
06-11-2013, 07:07 AM
Re: Keyboard-interactive override

I am seriously impressed with the turn around on this problem, and I'll have to get back to you tomorrow when I am back in front of that machine.

Thanks!

Uriah
Junior Member
uriah
06-11-2013, 06:57 PM
Re: Keyboard-interactive override

Unfortunately it seems I got that string wrong last night.

Here's the complete text from the transfer window:
Quote:
[09:22:39] [L] Key exchange: diffie-hellman-group1-sha1. Session encryption: aes256-cbc, MAC: hmac-sha1, compression: none.
[09:22:41] [L] Auth Type: Keyboard-interactive
[09:22:41] [L] Keyboard Authentication Requested. Prompt (1) "<username>'s password"
[09:22:47] [L] Authentication failed [Keyboard-interactive]
So the whole string is "<username>'s password". Since that doesn't seem to be a standard response, and the usual password response is:
Quote:
[09:22:39] [L] Key exchange: diffie-hellman-group1-sha1. Session encryption: aes256-cbc, MAC: hmac-sha1, compression: none.
[09:22:47] [L] Auth Type: Password
[09:22:47] [L] Authentication succeeded
[09:22:47] [L] SSH Connection open
Perhaps it would be better to have an option somewhere to override this type of connection?

Thanks.
Senior Member
X3
06-12-2013, 05:44 AM
Re: Keyboard-interactive override

Keyboard interactive login is more than just adding a simple option for this it can support amongst other, the password you speak of.

see http://www.ssh.com/manuals/server-ad...rauth-kbi.html
and https://www.eldos.com/forum/read.php?FID=7&TID=1742 or https://www.eldos.com/documentation/..._authprop.html

So to properly support keyboard-interactive methods it will take a bit more then suggested.
__________________
Regards
FlashFXP Developer
bigstar
06-12-2013, 06:52 AM
Re: Keyboard-interactive override

Quote:
Originally Posted by uriah
Unfortunately it seems I got that string wrong last night.

Perhaps it would be better to have an option somewhere to override this type of connection?
Please try this
https://oss.azurewebsites.net/testr/dev-bu...4.3.1.1985.zip

As for adding support for custom prompts this could be done although the whole point of keyboard-interactive password prompts is to require the user to manually enter the information, however 90% of the time the keyboard-interactive prompt appears because the ssh server isn't configured correctly, an oversight by the person who set it up.

Most ssh servers allow you to edit the configuration and define the authentication methods (i.e. password, keyboard-interactive, key pair, etc) now they also allow you to set the order in which each authentication method is used, typically the order is based on how secure each method is, so maybe the order is key pair, keyboard-interactive, password. simply changing the order to request the password before keyboard-interactive will bypass the prompts.. there is of course the rare cases where management thinks prompting for the password is more secure, of course in these situations the password is also changing daily and never stored on the client computer.
Junior Member
uriah
06-12-2013, 07:07 AM
Re: Keyboard-interactive override

I'll try that tomorrow. It's very annoying to have them force keyboard-interactive, when there's really no need for it.

It's definitely a misconfigured server, we've been having hell trying to get their side to reconfigure it. I'll bring this up with them also.
Ticket Tools
Subscribe to this Ticket


Posting Rules
You may not post new tickets

Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT -5. The time now is 11:11 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)