Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > SecureCRT on the Mac

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 11-25-2015, 10:39 AM
rjdick3064 rjdick3064 is offline
Registered User
 
Join Date: Nov 2015
Posts: 1
YUBIKEY neo integration with SecureCRT

My Company has moved to using the YUBIKEY neo device for SSH two factor authentication. Following the instructions, I can ssh from the MAC terminal ssh session without issue, however I can no longer get CRT to connect. Has anyone used this device with SecureCRT and gotten it integrated?
Reply With Quote
  #2  
Old 11-25-2015, 12:35 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi rjdick3064,

Thanks for the post. We don't currently offer support for YUBIKEY Neo PGP smart cards.

We will post to this thread if we add support for this in a future SecureCRT release.

If you would like to be notified directly, please complete and submit the form at the following location:
Submit Feature Request
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
  #3  
Old 11-30-2015, 04:11 PM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 950
rjdick3064,

What are the steps you took to use the YUBIKEY device for two factor authentication within the Mac Terminal ssh session?

Even though SecureCRT doesn't know natively about YUBIKEY, if we know what steps you took with the terminal ssh session, it may be possible to replicate that process within SecureCRT.

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
Reply With Quote
  #4  
Old 12-05-2015, 09:11 AM
khalaan khalaan is offline
Registered User
 
Join Date: Dec 2015
Posts: 1
@jdev

There are two options for using the YubiKey Neo and now YubiKey 4 with OSX, Linux and only one option for doing so with Windows presently. The Linux and MAC systems have the option of using OpenSC's PKCS11 provider either called directly by ssh or added to ssh-agent (this currently causes a fork bomb on Yosemite). Additionally if you are using the PGP authentication slot instead all one has to do is generate a key and start gpg-agent, SSH will check if there are public keys to it available via the SSH-Agent emulation of GPG-Agent, forward what it has available. Windows only supports the latter now that GPG-Agent also supports the putty agent. What I would propose from Vandyke's perspective to implement this quickly and easily would be to offer connectivity to a native ssh-agent socket / putty agent socket respectively. While platform dependent code is a nightmare it looks like you already likely maintain three unique branches of code as I'm a user in all three platforms.
Reply With Quote
  #5  
Old 12-07-2015, 01:36 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi khalaan,

Thanks for the post.

SecureCRT already provides native support for the OpenSSH agent on Mac OS X and Linux.

We will post to this thread if we add support for PKCS#11 or PGP keys in the future.

If you would like to be notified directly, please complete and submit the form at the following location:
Submit Feature Request
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730

Last edited by jdev; 12-07-2015 at 05:40 PM.
Reply With Quote
  #6  
Old 02-28-2017, 02:14 PM
Lanselot Lanselot is offline
Registered User
 
Join Date: Jul 2015
Posts: 4
Any updates on this?
I've try to use yubikey 4 with gpg-agent and secureCRT and no chance.
Console ssh client works perfect.
Reply With Quote
  #7  
Old 02-28-2017, 02:27 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,048
Hi Lanselot,

No, we'll post to this thread if the feature's been implemented. Or, as Todd provided previously, if you want direct contact, you can send an email via our feature request web form.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #8  
Old 03-01-2017, 09:54 AM
Lanselot Lanselot is offline
Registered User
 
Join Date: Jul 2015
Posts: 4
This "magic" works:

Code:
# You've already configured gpg-agent for ssh, add keys...
echo $SSH_AUTH_SOCK 
# ~/.gnupg/S.gpg-agent.ssh

# Get SSH_AUTH_SOCK variable from SecureCRT environment
SECURECRT_SOCKET=`ps -E -p $( ps xuc | grep SecureCRT | awk '{print $2}' ) | tr ' ' '\n' | grep SSH_AUTH_SOCK | cut -d'=' -f2`

# remove this socket, and replace it with symbolic link to gpg-agent socket 
sudo rm $SECURECRT_SOCKET && sudo ln -s $SSH_AUTH_SOCK $SECURECRT_SOCKET

# voila


Maybe there is more elegant way to change SSH_AUTH_SOCK for secureCRT?

Last edited by Lanselot; 03-05-2017 at 09:01 PM.
Reply With Quote
  #9  
Old 03-01-2017, 12:34 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,048
Hi Lanselot,

What version of SecureCRT are you using?

On what platform/OS?
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #10  
Old 03-01-2017, 03:04 PM
Lanselot Lanselot is offline
Registered User
 
Join Date: Jul 2015
Posts: 4
currently:
securecrt: Version 8.0.2 (build 1118)
macOS Sierra 10.12.3
Reply With Quote
  #11  
Old 03-02-2017, 04:24 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,048
Hi Lanselot,

Thanks. We are investigating further. If we have any news, we will post to this thread.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 05:05 AM.