Keyboard-interactive authentication and console command line in WinSCP :: Support Forum

shurikin
Joined:: 2019-05-20
Posts:: 1

Keyboard-interactive authentication and console command line in WinSCP

2019-05-21 08:31

Hello,

I use WinSCP and use console. I copy files with command like this:

"C:\Program Files\WinSCP\WinSCP.exe" /console /command "option batch on" "option confirm off" "open test@test.ru" "cd /in" "option transfer binary" "put  -delete z:\test\out\export\*.*" 
exit

It works correctly.
Recently the SSH server began to require keyboard-interactive authentication, as shown in the picture. Through the GUI I insert code and everything will connect successfully.
Is it possible to enter this verification code through the console? Сan you give examples?

Thank you in advance!

example.jpg (34.06 KB)

Reply with quote

diev
Joined:: 2019-06-21
Posts:: 1
Location:: St.Petersburg, Russia

2019-06-21 15:57

I have same dialog prompt now after an OpenSSH server has started to ask the 2FA code based on TOTP. I can enter this code in GUI, but I cannot pass it to my script. Now my script logs the following (please see last two lines):

. 2019-06-21 17:07:17.574 Looking up host "217.*.*.*" for SSH connection
. 2019-06-21 17:07:17.574 Connecting to 217.*.*.* port 22
. 2019-06-21 17:07:17.590 We claim version: SSH-2.0-WinSCP_release_5.15.2
. 2019-06-21 17:07:17.652 Server version: SSH-2.0-OpenSSH_7.4
. 2019-06-21 17:07:17.652 Using SSH protocol version 2
. 2019-06-21 17:07:17.652 Have a known host key of type rsa2
. 2019-06-21 17:07:17.652 Doing ECDH key exchange with curve Curve25519 and hash SHA-256
. 2019-06-21 17:07:17.777 Host key fingerprint is:
. 2019-06-21 17:07:17.777 ssh-rsa 2048 2a:d8:* cKWR*7E=
. 2019-06-21 17:07:17.777 Host key matches configured key
. 2019-06-21 17:07:17.777 Initialised AES-256 SDCTR client->server encryption
. 2019-06-21 17:07:17.777 Initialised HMAC-SHA-256 client->server MAC algorithm
. 2019-06-21 17:07:17.777 Initialised AES-256 SDCTR server->client encryption
. 2019-06-21 17:07:17.777 Initialised HMAC-SHA-256 server->client MAC algorithm
! 2019-06-21 17:07:17.855 Using username "c***".
. 2019-06-21 17:07:17.886 Server offered these authentication methods: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
. 2019-06-21 17:07:17.886 Using SSPI from SECUR32.DLL
. 2019-06-21 17:07:17.886 Attempting GSSAPI authentication
. 2019-06-21 17:07:17.918 GSSAPI authentication request refused
. 2019-06-21 17:07:17.918 Server offered these authentication methods: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
. 2019-06-21 17:07:17.918 Attempting keyboard-interactive authentication
. 2019-06-21 17:07:17.949 Prompt (keyboard interactive, "SSH server authentication", "Using keyboard-interactive authentication.", "Password: ")
. 2019-06-21 17:07:17.949 Using stored password.
. 2019-06-21 17:07:18.011 Prompt (keyboard interactive, "SSH server authentication", "Using keyboard-interactive authentication.", "Verification code: ")
. 2019-06-21 17:07:18.011 Disconnected: Unable to authenticate

I have my verification code calculated properly based on
Tin Isles : Google Authenticator One-time Password Algorithm in Javascript
But I have no idea how to reply to this server's second prompt from the script.

That post on Stack Overflow has no answers on it.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,378
Location:: Prague, Czechia

2019-06-25

It's not possible to automatically provide an input to multifactor authentication atm.

Reply with quote

Keyboard-interactive authentication and console command line in WinSCP

Keyboard-interactive authentication and console command line in WinSCP

Documentation

Support

Associations

Follow Us