Opened on Nov 3, 2017 at 11:20:38 AM
Closed on Oct 8, 2019 at 1:54:43 PM
#10125 closed defect (fixed)
2-factor authentication not working after update
Reported by: | jonas_lindemann | Owned by: | dkocher |
---|---|---|---|
Priority: | high | Milestone: | 6.3.1 |
Component: | sftp | Version: | 6.2.11 |
Severity: | normal | Keywords: | sftp, keyboard-interactive |
Cc: | Architecture: | ||
Platform: |
Description
We are using keyboard interactive 2-factor authentication with Cyberduck and SFTP. We had problems before CD-2911. This was fixed and was working with 6.1.0 (25371). Latest version 6.2.11 (26765) it has stopped working.
-- Jonas
Change History (16)
comment:1 Changed on Nov 8, 2017 at 4:08:41 PM by dkocher
- Milestone set to 6.3
- Owner set to dkocher
- Status changed from new to assigned
comment:2 Changed on Nov 8, 2017 at 4:09:48 PM by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
comment:3 Changed on Nov 21, 2017 at 1:33:30 PM by jonas_lindemann
- Resolution fixed deleted
- Status changed from closed to reopened
Version 6.3.1 (27114) our OTP-authentication does not work in this version either. Our system is based on SSH keyboard-interactive prompts from a pam_radius module asking for an OTP-prompt.
-- Jonas
comment:4 Changed on Nov 21, 2017 at 3:21:04 PM by dkocher
Can you confirm that your server does use no password authentication but only keyboard-interactive for both password and OTP.
comment:5 Changed on Nov 21, 2017 at 3:27:07 PM by jonas_lindemann
I ran ssh -v to our server, which gave the following log:
debug1: Next authentication method: keyboard-interactive Password: Enter your Pocket Pass OTP: 471410 debug1: Authentication succeeded (keyboard-interactive).
This should indicate that keyboard-interactive is used for both.
Thanks in advance!
Jonas Lindemann
comment:6 Changed on Nov 21, 2017 at 3:30:03 PM by dkocher
Thanks! That is helpful. We have a regular expression match that we default to the user password per default for .*[pP]assword:\s?\z which is why the password is sent instead of the token.
comment:7 Changed on Nov 21, 2017 at 4:03:09 PM by dkocher
Possible fix in r43404. Please update to the latest snapshot build.
comment:8 Changed on Nov 21, 2017 at 4:03:19 PM by dkocher
- Milestone changed from 6.3 to 7.0
comment:9 Changed on Nov 21, 2017 at 4:21:47 PM by dkocher
- Resolution set to fixed
- Status changed from reopened to closed
Please let me know if the latest build resolves the issue.
comment:10 Changed on Nov 21, 2017 at 8:40:15 PM by dkocher
- Milestone changed from 7.0 to 6.3.1
comment:11 Changed on Nov 22, 2017 at 12:15:28 PM by jonas_lindemann
Unfortunately it doesn't work. However, I get the OTP-prompt, but the login still fails and I get a repeated OTP-prompt.
-- Jonas
comment:12 Changed on Nov 22, 2017 at 12:38:42 PM by dkocher
- Resolution fixed deleted
- Status changed from closed to reopened
comment:13 Changed on Nov 22, 2017 at 12:59:56 PM by dkocher
comment:14 Changed on Nov 22, 2017 at 9:37:59 PM by dkocher
- Resolution set to fixed
- Status changed from reopened to closed
comment:15 follow-up: ↓ 16 Changed on Oct 8, 2019 at 12:37:34 PM by jonas_lindemann
- Resolution fixed deleted
- Status changed from closed to reopened
This issue has returned. Confirmed with latest Cyberduck-version. 7.1 - 31395
comment:16 in reply to: ↑ 15 Changed on Oct 8, 2019 at 1:54:43 PM by dkocher
- Resolution set to fixed
- Status changed from reopened to closed
Replying to jonas_lindemann:
This issue has returned. Confirmed with latest Cyberduck-version. 7.1 - 31395
Duplicate for #10813.
In r43241. Please update to the latest snapshot build available.