-
-
Notifications
You must be signed in to change notification settings - Fork 298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SecurID #4459
Comments
I'm looking for this feature as well. WinSCP supports this but is not available for OSX. I have yet to find a solution. |
Challenge-Response authentication schemes like SecurID should already be supported. Due to the lack of a SecurID infrastructure this feature is completely untested though. While authenticating I would expect a login popup where you can enter the current SecurID code. In order to properly implement this feature we are dependent on your help. Could you please try to connect to a SecureID enabled server and let me know what happened. |
I enter my username and password, but no login popup for the SecurID code occurs. Unfortunately, I have no clue on where the problem is located. |
Replying to [comment:3 fmueller@…]:
|
How is the password like you are entering? Normally SecurID-based authentication requires you to enter the so-called passcode (=PIN + Tokencode (concatenate both)). Please try to enter this passcode into the password field. In a SSH environment the authentication process might be different though but it's worth a try. |
usually, if I log in via ssh on a shell I connect with: |
Proposed fix in 4f87653. Please test with the nightly build to be made available shortly. |
Nightly build is ready. |
I tried the nightly builds 5961 and 5692. Still no popup-window. |
Replying to [comment:9 anonymous]:
|
well the server is called odyssey.fas.harvard.edu. |
Replying to [comment:11 anonymous]:
I don't get a partial authentication success with arbitrary credentials, so this does not help with testing. I have made another change in c8e8547 which might make it work, tough. |
Client-side command line transcript:
|
Nightly Build 5970 does not fix the problem for me. are the changes you just posted already implemented in this version? |
Wow, you guys are fast. I get the SecureID popup. I can authenticate but the problem is that the session is not cached, so after 60 seconds the key expires and I must re-authenticate (a new SecurID popup appears) and I have to continually enter a new authentication key. If I use winSCP on windows, or just standard SSH via the terminal, I only have to enter the SecurID once. |
I'm just going to detail my findings, I'll start using my username so my posts don't clash with the other anonymous posters who may have different setups. I can authenticate with SecurID using the current stable version of Cyberduck - version 3.4.2 (5902). My setup with SecurID, means I connect to the server using ssh -l [username] [host] and then the server responds requesting PASSCODE. Cyberduck thinks this request is for the password so I can enter my SecurID and authenticate. I mentioned in a post above that I need to authenticate every 60 seconds once my SecurID had expired. I've found this to be wrong. Upon testing, the connection works fine - navigating folders works etc. Problems occur when I attempt to transfer a file. Upon transferring a file, Cyberduck appears to attempt to reauthenticate to start the file transfer process. This means I need to enter a new SecurID everytime a file is opened or transferred, which makes the process unusable as I work with many files each session. |
Ok, I've solved my issue - SecurID works fine now, as long as I keep my Preferences -> Transfers -> Transfer Files set to only Use Browser Connection. A simple solution, wish I'd seen it before. Hopefully this helps others though. |
Replying to [comment:15 fmueller@…]:
|
ok, now upon entering my username and password, I get a popup window that asks me for my username and password. In the infotext the serverprompt PASSCODE appears. I entered username and the current token from my generator and received a 0 error. If I only enter the token, nothing happens except for an accoustic signal. |
Replying to [comment:20 anonymous]:
That has been fixed as of 636bdb9. |
could you upload a nightly build for this version, please? |
Replying to [comment:18 caldazar]:
Thanks for your comment! This is to be expected when the transfer is initiated using a new session in the Transfers window because a new SSH session is initiated. The workaround is as you describe to use the browser connection already open, altough that will limit you from browsing until the transfer has finished. |
A new nightly build will be available within a few hours. |
A new nightly build is now available. |
Thank you so much! It works! I just have one improvement suggestion: So far, I have to enter my username again when I enter the token (after I have already entered username and password). would it be possible to store the username for the token query? |
Replying to [comment:26 fmueller@…]:
In 7e52e48. |
Hi, My problem is that I am prompted for my password when trying to open a connection, I guess, but the dialog box already says something about my passcode at the first time -- but that should still be for my password only! If I give it the password, the passcode, or even both concatenated, there is no new dialog box, but no connection open either (a green dot next to the connection among my bookmarks, but no connection open). Could you help me track this down? Has anything changed in 3.6 since fmueller@... could get it working? I doubt that. Thanks! |
Replying to [comment:28 SandorL]:
This is an issue in the current snapshot build but should work fine with the last official release available. Will be fixed as of d27759b. |
Hi,
Would it be possible to support access to servers that need an authentification key/passcode that is generated by a dongle? I am using an RSA SecurID generator.
Thanks!
The text was updated successfully, but these errors were encountered: