#1
04-16-2019, 12:18 PM
ScottyT57 (Registered User)
Client Pack support GSSAPI and Kerberos?

Just a quick question... Does the ClientPack support GSSAPI and Kerberos authentication for SSH sessions like SecureCRT does?

#2
04-16-2019, 12:41 PM
jdev (VanDyke Technical Support)
Quote:
Originally Posted by ScottyT57
Just a quick question... Does the ClientPack support GSSAPI and Kerberos authentication for SSH sessions like SecureCRT does?

Yes. For hints, you can do things like:

vsh --auth help
Invalid authentication method name: help
Valid names are:
publickey,keyboard-interactive,password,gssapi,gss-ms-kerberos.

or
vsh --kex help
Invalid kex method specified on the command line: help

Supported kex methods are: curve25519-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14,diffie-hellman-group-exchange-sha256,diffie-hellman-group,diffie-hellman,Kerberos,Kerberos (Group Exchange)

Any unrecognized method will produce a list of supported methods.

Are you referring to the use of vsh/vsftp/vcp command line utilities, or are you referring to the use of the VRALib COM/.Net automation object?

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: http://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: http://www.vandyke.com/support

#3
04-16-2019, 01:27 PM
ScottyT57 (Registered User)
I'm looking at using the .NET objects/methods from a C# program.

Thanks for the quick reply.

#4
04-16-2019, 05:04 PM
jdev (VanDyke Technical Support)
Quote:
Originally Posted by ScottyT57
I'm looking at using the .NET objects/methods from a C# program.

Here's some example code:
Code:
using System;

namespace VRALibDownloadExample
{
    class VRALibDownloadExample
    {
        static void Main(string[] args)
        {
            // For evaluation of VRALib, this code is needed; it does not cause any problems
            // for license/registered VRALib installations, so it can be left in place even
            // after you license VRALib:
            var objLicense = new vralib.License();
            string strEvalLeft = objLicense.AcceptEvaluationLicense();
            if (strEvalLeft.Contains(@"days remaining"))
                Console.WriteLine(strEvalLeft);

            // Create a VRAlib Connection object we'll use to control
            // the process of connecting via SSH to the remote system
            vralib.Connection objConn = new vralib.Connection();

            // Enable debug logging for assisting troubleshooting efforts
            objConn.DebugLogFile = @"C:\##vralib-Download-Dbg-Log.txt";
            objConn.DebugLevel = 5;

            // For debugging, uncomment following line to automatically accept the host key.
            //objConn.AutoAcceptHostKey = true;

            objConn.Hostname = @"host@fqdn.com";
            objConn.Port = 22;
            objConn.Username = @"user";

            // For public/private key authentication, use this (obviously, you'll
            // need to create two variables -- PrivateKeyPath, which contains the full
            // path to the private/public key file; and PrivateKeyPassphrase, which
            // contains the passphrase used to unlock/decrypt the private key for use).
            // Consult the VRALib documentation for more information.
            // objConn.SetPrivateKeyFile(PrivateKeyPath, PrivateKeyPassphrase);

            // Or, you could consider using plain old password auth
            // objConn.Password = @"p4$$w0rd";

            // In this example, let's use GSSAPI for single-sign-on capability
            // within a MS Kerberos or GSS-Kerberos environment
            // Specify the UPN name associated with the Kerberos Principal reflecting
            // who we are:
            objConn.Username = "user@FQDN.com";
            objConn.AuthenticationMethods = "gssapi-with-mic";

            // Now Connect to the remote system.  Wrap this in a try/catch block to
            // handle any connection failures "gracefully":
            Console.WriteLine("Connecting to " + objConn.Hostname + ":" + objConn.Port + "...");
            try
            {
                // When the Connection object has all the necessary connection info
                // already set in the form of properties (e.g. objConn.Hostname,
                // objConn.Username, objConn.Password, etc.), all that is needed is to call
                // Connect with an empty string as the first param, and 'false' as the second
                // param (StartAllForwards is a setting that doesn't apply to file transfer
                // connections).  See the VRALib help documentation .chm file for additional
                // details about the Connection object's Connect() method.
                objConn.Connect("", false);
            }
            catch (System.Runtime.InteropServices.COMException objException)
            {
                Console.WriteLine("Failed to connect:\r\n" + objException.ToString());
                Console.WriteLine("Press any key to continue.");
                Console.ReadKey();
                System.Environment.ExitCode = objException.ErrorCode;
                return;
            }

            Console.WriteLine(
                "Connected and authenticated to " + objConn.Hostname +
                " (" + objConn.RemoteIdentString + ")");

            // Get a reference to a file system object for the remote host.
            // This file system object will be used to perform file transfer
            // operations like "Put()" and "Get()", etc.
            vralib.IFileSystemObject objRemoteFS = objConn.FileSystemObject;

            // Download remote files (*.txt) to a local folder (C:\Temp\Incoming\)
            string strSrc = "*.txt";
            string strDst = @"C:\Temp\Incoming\";
            Console.WriteLine(@"Downloading '" + strSrc + "' from " +
                objConn.Hostname + " to '" + strDst + "'");
            try
            {
                objRemoteFS.Get(strSrc, strDst);
            }
            catch (System.Runtime.InteropServices.COMException objException)
            {
                Console.WriteLine("Transfer failed:\r\n" + objException.ToString());
                Console.WriteLine("Press any key to continue.");
                Console.ReadKey();
                System.Environment.ExitCode = objException.ErrorCode;
                return;
            }
            catch (System.IO.FileNotFoundException objException)
            {
                Console.WriteLine("Transfer failed:\r\n" + objException.ToString());
                Console.WriteLine("Press any key to continue.");
                Console.ReadKey();
                System.Environment.ExitCode = 2;
                return;
            }
            catch (Exception objException)
            {
                Console.WriteLine("Transfer failed:\r\n" + objException.ToString());
                Console.WriteLine("Press any key to continue.");
                Console.ReadKey();
                System.Environment.ExitCode = -9999999;
                return;
            }

            Console.WriteLine("Transfer succeeded.\r\n\r\nPress any key to continue.");
            Console.ReadKey();
        }
    }
}

Here's example output from the VRALib Connection object's log file representing a typical pattern from the code above:
Code:
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : Searching for ssh-userauth in global service map  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : ...Considering ssh-userauth in global service map  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : SENT : USERAUTH_REQUEST [none]  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : Authenticating as user user@fqdn.com
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password,gssapi-with-mic]  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : GSS SPN : host@fqdn.com  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : [SSPI/1.2.840.113554.1.2.2] : This mechanism might work.  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : SENT : USERAUTH_REQUEST [gssapi-with-mic]  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : [SSPI/1.2.840.113554.1.2.2] : Using this mechanism.  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : GSS  : Requesting full delegation  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : SENT : USERAUTH_GSSAPI_TOKEN [1721 bytes]  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : GSS  : The delegation request failed, credentials will not be forwardable.  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : SENT : SSH_MSG_USERAUTH_GSSAPI_MIC  
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : RECV : AUTH_SUCCESS
In the above output, we see that the GSS request for "full delegation" failed, but the authentication was successful (meaning the resulting authentication is good for the SSH2 server, but only resources available on the SSH2 server will be accessible -- network resources on the SSH2 server may not be available).

--Jake
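
Added example (not part of the original post and not VanDyke's code): a Python check that reads a VRALib debug log of the kind shown above and reports which method authenticated the session and whether the delegation request was refused. The line layout is inferred from the posted excerpt, and `summarize_auth` and its field names are hypothetical.

```python
import re

# Constructed sample: auth-related lines in the debug-log format shown above.
SAMPLE_LOG = """\
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : SENT : USERAUTH_REQUEST [none]
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : Authenticating as user user@fqdn.com
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password,gssapi-with-mic]
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : GSS SPN : host@fqdn.com
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : SENT : USERAUTH_REQUEST [gssapi-with-mic]
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : GSS  : Requesting full delegation
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : GSS  : The delegation request failed, credentials will not be forwardable.
4/16/2019 4:53:33 PM,13728,1,[LOCAL] : RECV : AUTH_SUCCESS
"""

# Assumed line layout: timestamp,number,number,[LOCAL] : message
LINE = re.compile(r"^[^,]*,\d+,\d+,\[LOCAL\] : (.*?)\s*$")
BRACKET = re.compile(r"\[([^\]]*)\]")

def summarize_auth(log_text, expected_method="gssapi-with-mic"):
    s = {"user": None, "spn": None, "offered": [], "method": None,
         "delegation": "not requested", "success": False, "findings": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg, arg = m.group(1), BRACKET.search(m.group(1))
        if msg.startswith("Authenticating as user "):
            s["user"] = msg[len("Authenticating as user "):]
        elif msg.startswith("GSS SPN : "):
            s["spn"] = msg[len("GSS SPN : "):]
        elif "continuations" in msg and arg:
            s["offered"] = arg.group(1).split(",")
        elif "USERAUTH_REQUEST" in msg and arg and arg.group(1) != "none":
            s["method"] = arg.group(1)  # last request before success is the one that worked
        elif "Requesting full delegation" in msg:
            s["delegation"] = "requested"
        elif "delegation request failed" in msg:
            s["delegation"] = "refused"
        elif msg.endswith("AUTH_SUCCESS"):
            s["success"] = True
            break
    if not s["success"]:
        s["findings"].append("authentication did not complete")
    elif s["method"] != expected_method:
        s["findings"].append(f"authenticated with {s['method']}, expected {expected_method}")
    if s["delegation"] == "refused":
        s["findings"].append("delegation refused: credentials are not forwardable")
    return s
```

A session that was meant to use Kerberos but shows a different `method` in the summary authenticated with one of the other continuations the server offered, which is worth checking when `AuthenticationMethods` is not pinned.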