VanDyke Software Forums


rjdick3064 11-25-2015 09:39 AM

YUBIKEY neo integration with SecureCRT
 
My company has moved to using the YUBIKEY neo device for SSH two-factor authentication. Following the instructions, I can ssh from the Mac terminal ssh session without issue; however, I can no longer get CRT to connect. Has anyone used this device with SecureCRT and gotten it integrated?

rtb 11-25-2015 11:35 AM

Hi rjdick3064,

Thanks for the post. We don't currently offer support for YUBIKEY Neo PGP smart cards.

We will post to this thread if we add support for this in a future SecureCRT release.

If you would like to be notified directly, please complete and submit the form at the following location:
Submit Feature Request

jdev 11-30-2015 03:11 PM

rjdick3064,

What are the steps you took to use the YUBIKEY device for two factor authentication within the Mac Terminal ssh session?

Even though SecureCRT doesn't know natively about YUBIKEY, if we know what steps you took with the terminal ssh session, it may be possible to replicate that process within SecureCRT.

--Jake

khalaan 12-05-2015 08:11 AM

@jdev

There are two options for using the YubiKey Neo, and now the YubiKey 4, with OS X and Linux, and presently only one option for doing so with Windows. The Linux and Mac systems have the option of using OpenSC's PKCS11 provider, either called directly by ssh or added to ssh-agent (this currently causes a fork bomb on Yosemite). Additionally, if you are using the PGP authentication slot instead, all one has to do is generate a key and start gpg-agent; SSH will check if there are public keys available to it via the SSH-Agent emulation of GPG-Agent and forward what it has available. Windows only supports the latter, now that GPG-Agent also supports the putty agent. What I would propose from VanDyke's perspective, to implement this quickly and easily, would be to offer connectivity to a native ssh-agent socket / putty agent socket respectively. While platform-dependent code is a nightmare, it looks like you already likely maintain three unique branches of code, as I'm a user on all three platforms.

rtb 12-07-2015 12:36 PM

Hi khalaan,

Thanks for the post.

SecureCRT already provides native support for the OpenSSH agent on Mac OS X and Linux.

We will post to this thread if we add support for PKCS#11 or PGP keys in the future.

If you would like to be notified directly, please complete and submit the form at the following location:
Submit Feature Request

Lanselot 02-28-2017 01:14 PM

Any updates on this?
I've tried to use YubiKey 4 with gpg-agent and SecureCRT, and no chance.
The console ssh client works perfectly.

bgagnon 02-28-2017 01:27 PM

Hi Lanselot,

No, we'll post to this thread if the feature's been implemented. Or, as Todd provided previously, if you want direct contact, you can send an email via our feature request web form.

Lanselot 03-01-2017 08:54 AM

This "magic" works:

Code:

# You've already configured gpg-agent for ssh, add keys...
echo "$SSH_AUTH_SOCK"
# ~/.gnupg/S.gpg-agent.ssh

# Get SSH_AUTH_SOCK variable from SecureCRT environment
# (first SecureCRT process only; ps -E prints the process environment on macOS)
SECURECRT_SOCKET=$(ps -E -p "$(ps xuc | awk '/SecureCRT/ {print $2; exit}')" | tr ' ' '\n' | grep '^SSH_AUTH_SOCK=' | cut -d'=' -f2)

# remove this socket, and replace it with symbolic link to gpg-agent socket
# (paths are quoted so an empty or space-containing value cannot be split by the shell)
sudo rm "$SECURECRT_SOCKET" && sudo ln -s "$SSH_AUTH_SOCK" "$SECURECRT_SOCKET"

# voila

:)

Maybe there is a more elegant way to change SSH_AUTH_SOCK for SecureCRT?
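An added example, not part of Lanselot's post and not VanDyke, OpenSSH or GnuPG code: a pre-flight check for the socket swap described above, so the link is only created when the gpg-agent socket really is a Unix socket owned by the current user, and the original socket is kept as a backup instead of being deleted. The function names and the `.orig` suffix are hypothetical, and it assumes both paths are writable by the invoking user without sudo.

```shell
#!/bin/sh
# Added example (constructed). Function names are hypothetical.

# Return 0 only if $1 resolves to a Unix socket owned by the current user,
# in a directory that other users cannot tamper with.
agent_socket_ok() {
    sock=$1
    [ -n "$sock" ] || return 2      # empty variable: nothing to check
    [ -S "$sock" ] || return 3      # missing or not a socket (symlinks are followed)
    [ -O "$sock" ] || return 4      # socket belongs to another user
    dir=$(dirname "$sock")
    # A world-writable directory without the sticky bit lets anyone replace the socket.
    [ -z "$(find "$dir" -prune -perm -0002 ! -perm -1000)" ] || return 5
    return 0
}

# Point the path SecureCRT uses ($2) at the gpg-agent socket ($1).
# The original entry is moved to "$2.orig" so the change can be undone.
relink_agent_socket() {
    target=$1
    link=$2
    agent_socket_ok "$target" || return 1   # refuse to link to an unverified target
    [ -n "$link" ] || return 1
    if [ -e "$link" ] || [ -h "$link" ]; then
        mv -f "$link" "$link.orig" || return 1
    fi
    ln -s "$target" "$link"
}

# Typical use, with SECURECRT_SOCKET obtained as in the post above:
#   relink_agent_socket "$SSH_AUTH_SOCK" "$SECURECRT_SOCKET"
# To undo: mv -f "$SECURECRT_SOCKET.orig" "$SECURECRT_SOCKET"
```

After relinking, `SSH_AUTH_SOCK="$SECURECRT_SOCKET" ssh-add -L` lists the public keys the agent behind that path offers, which confirms the YubiKey-backed key is the one being served.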

bgagnon 03-01-2017 11:34 AM

Hi Lanselot,

What version of SecureCRT are you using?

On what platform/OS?

Lanselot 03-01-2017 02:04 PM

currently:
securecrt: Version 8.0.2 (build 1118)
macOS Sierra 10.12.3

bgagnon 03-02-2017 03:24 PM

Hi Lanselot,

Thanks. We are investigating further. If we have any news, we will post to this thread.


All times are GMT -6.