Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Reply
 
Thread Tools Display Modes
  #1  
Old 04-02-2021, 03:49 PM
whabeck whabeck is offline
Registered User
 
Join Date: Apr 2021
Posts: 1
Solution for saving password and allow token

I am attempting to save my password for devices (which is static), but then allow for the addition of a token (which changes every login).

I believe one simple solution is to allow Keyboard Interactive mode to not automatically enter a carriage return when a password has been saved. When it does this, it is no different than the Password method.

If I can save a password in Keyboard Interactive mode, then have it prompt for more input (which this mode is for), that would be ideal.

Has anyone worked out a good solution for this issue?
Reply With Quote
  #2  
Old 04-05-2021, 07:31 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 1,098
The behavior you are currently seeing in SecureCRT is by design.
If there is any value saved in the Password or Keyboard-Interactive Properties of the saved session in SecureCRT, SecureCRT automatically sends it as part of its authentication attempt.

There currently isn't any way to suppress sending that saved data or asking for any additional token data when a password-saved auth attempt is being made.
One option would be to clear out any saved password in the Keyboard-Interactive/Password Properties window, and instead utilize SecureCRT's Logon Actions Expect/Send functionality to accomplish the saved/automated authentication. If you're unfamiliar with this concept, you can read more about it in this existing forum post.
In your case, you wouldn't be sending any 'ssh' command to get to a secondary host. Instead, you'd be deleting the default Username and Password entries and replacing both with a single entry that simply waits for (AKA: "Expect") the keyboard-interactive prompt that the server sends, and acts upon that.
Note: In order to use the Automate logon Expect/Send sequences for SSH2 protocol connections, you need to open your saved Session Options, navigate to the Logon Actions category and perform these two changes:
  • Disable the Send initial carriage return option.
  • Enable the Display logon prompts in terminal window option.
While any Logon Actions "Send" field will automatically have an embedded CR sent as well, what you can do is use the \v substitution to send what's in the clipboard. For example:
Expect:
Password:

Send:
static_pwd_here\v

With such a setup, one could copy the token to the clipboard just prior to connecting to the saved session and the authentication will be automated by sending the static password followed immediately by the contents of the clipboard.

Since copying the token to the clipboard prior to authenticating isn't always ideal, I've created a feature request for the option to suppress the implicit/embedded CR that is sent with each and every Send action in a Logon Actions sequence. While the product director may evaluate this request for potential inclusion in a future release, I don't yet have any ETA for when or even if this might ever become available. However, if something along these lines becomes available, we will be happy to post here in this forum thread.
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 12:39 PM.