Windows tsh login does not prompt for OTP when OTP and MFA registered #25051

Closed
stevenGravy opened this issue Apr 23, 2023 · 3 comments
Labels: bug, mfa, platform-security, tsh

Comments

@stevenGravy
Contributor

Expected behavior:

Receive a prompt for OTP and webauthn device, as in macOS and Linux tsh.

Current behavior:

The user will only be able to authenticate with webauthn devices.

Bug details:

  • Teleport version: 12.2.4
  • Recreation steps:
  1. Configure webauthn and set second_factor to on.
  2. Register an OTP and MFA device for a local user.
  3. Authenticate in Windows with tsh:

```
tsh login --proxy=enterprise.teleportdemo.com --auth=local --user=steven
Enter password for Teleport user steven:
Using platform authenticator, follow the OS dialogs
ERROR: missing second factor
```

@stevenGravy added the bug and tsh labels Apr 23, 2023
@tobiaszheller self-assigned this Apr 24, 2023

@zmb3
Collaborator

zmb3 commented May 10, 2023

Have you tried `tsh login --mfa-mode=otp`? If you don't specify a mode and there are multiple options, tsh is going to want to prefer the stronger webauthn mode.

@tobiaszheller
Contributor

It's related to #17563.
It actually accepts OTP if you type it; just the prompt for it is missing. Although it's not that trivial to fix.

@codingllama
Contributor

@stevenGravy, fixes should land in the next patches. Hopefully it's a bit better.


4 participants