#1 powerponch (Registered User), 04-02-2020, 06:29 PM
SSH auth with Python - Random "Keyboard Interactive Authentication" pop-up

Hello. I am currently running a python script from a custom button which logs in to a router. The login works normally OK, however in some cases a pop-up appears ("Keyboard Interactive Authentication") and asks for manual password input.

Since my script is intended to run without human supervision, this is an issue. Moreover, I haven't been able to determine under which circumstances this pop-up appears.

Does somebody know how to suppress the pop-up?

Below is the code I'm using for login:

cmd = "/SSH2 /L %s /PASSWORD %s /C AES-128 /M SHA1 %s" % (HOST_USERNAME, HOST_PASSWORD, HOST)

crt.Session.Connect(cmd)


#2 bgagnon (VanDyke Technical Support), 04-03-2020, 08:45 AM
Hi powerponch,

What version of SecureCRT are you using?

On what OS?

For the remotes where you see the dialog, it likely means that keyboard-interactive authentication is required. This is different than password authentication (though it often looks similar to the end user). RFC 4256 details keyboard-interactive authentication.

Getting Trace Options output to those devices should show what authentication method is supported.

You may need to adjust the connection method in your script and handle the possible prompts (notice what's in the screenshot is Enter PASSCODE:).

Or, if v8.5 or later, you may be able to leverage these features:

Changes in SecureCRT 8.5 (Beta 1) -- June 28, 2018
--------------------------------------------------
New features:
  • Added a session INI-file-only option "Keyboard Interactive Prompt" that allows the expected prompt for keyboard-interactive authentication to be specified.
  • Added a command-line flag /KEYBOARDINTERACTIVEPROMPT that allows the keyboard interactive prompt to be specified for SSH2 sessions.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

#3 powerponch (Registered User), 04-04-2020, 01:01 PM
Thank you for the quick reply!

I am running SecureCRT v.8.5 on Windows 10. Is it possible to apply a fix or a flag for suppressing the pop-up?

It is of crucial importance given that the script is executed on a scheduled basis via Windows Scheduled Tasks, and it is not being executed when this pop-up appears because there is nobody to input the password.

As I mentioned, this happens on random occasions. More often than not the login runs smoothly with the python code.

This is a screenshot of the pop-up that I'm getting:
[Attached image: FT_14137_03.png]

#4 bgagnon (VanDyke Technical Support), 04-04-2020, 01:24 PM
Hi powerponch,

I'm sort of feeling like you did not read my post at all.

Do you have to enter something when prompted? If so, then this authentication method (keyboard-interactive) is what the remote requires so it will need to be handled. It is not the password authentication method, it is keyboard-interactive.

If you connect to a mix of remotes that require either password or keyboard-interactive then you will have to authenticate within the script.

For example:
  • Wait for prompts (with WaitForStrings()) that may either have password or passcode in them

  • Send appropriate response
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
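
Added example (not part of the thread and not VanDyke's code): one way to script the WaitForStrings() approach from the post above, so a run that meets either a password or a passcode prompt answers it, and a run that meets neither fails instead of hanging. It assumes "Display logon prompts in terminal window" is enabled so the prompts reach the terminal, that Connect() returns while those prompts are still pending, and that the prompt texts are as listed; the function name and return values are hypothetical.

```python
# Added example, not code from the thread. `crt` is SecureCRT's scripting
# object, passed in so the logic can also be exercised with a stand-in.
# Assumed prompt texts: "PASSCODE:" is the one mentioned in the thread; the
# password prompt and the "#" / ">" router shell prompts are assumptions.
PROMPTS = ["assword:", "PASSCODE:", "#", ">"]


def connect_and_authenticate(crt, host, username, secret,
                             timeout=15, max_prompts=3):
    """Connect, answer password/passcode prompts, and report the outcome."""
    screen = crt.Screen
    screen.Synchronous = True   # do not miss output between Wait calls
    screen.IgnoreCase = True    # match "Password:" and "password:" alike
    # No /PASSWORD on the command line: the secret is only ever sent in
    # reply to a recognised prompt. Assumption: Connect() returns while the
    # logon prompts are still pending in the terminal window.
    crt.Session.Connect("/SSH2 /L %s /C AES-128 /M SHA1 %s" % (username, host))
    answered = 0
    while True:
        index = screen.WaitForStrings(PROMPTS, timeout)  # 1-based, 0 = timeout
        if index == 0:
            crt.Session.Disconnect()   # unknown prompt or no output: give up
            return "timeout"
        if index >= 3:
            return "shell"             # router prompt seen, login complete
        if answered == max_prompts:
            crt.Session.Disconnect()   # server keeps re-prompting: stop
            return "rejected"
        screen.Send(secret + "\r")
        answered += 1
```

A scheduled script can call this with the built-in `crt` object and exit with a non-zero status on anything other than "shell", so a failed logon shows up in the task history.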

#5 powerponch (Registered User), 04-06-2020, 04:42 PM
Hello. Sorry for the confusion. I did not quite get your first reply.
When the pop-up appears, I need to input the password for SSH authentication. Afterwards, my script continues its normal execution.

I am using a crt.Sleep(2000) command after the Session.Connect().

#6 bgagnon (VanDyke Technical Support), 04-07-2020, 08:56 AM
Hi powerponch,

I guess I am still not making it clear.

In simplest terms, you have remotes/devices that require two different methods of authentication. Therefore, you would need to use two different command-lines to handle each.

So you either have to:
  • Be able to narrow down which requires password and which requires keyboard-interactive and connect to each with a different command-line.

  • Handle both types within the script somehow. This requires being able to distinguish between the two.

If you opt for the latter option, what I suggest is you connect manually to a device that succeeds with your current command-line and collect Trace Options output (instructions were in a prior post). Then also connect manually to one of the devices that results in the pop-up you are reporting and collect Trace Options output from that.

You will want to have Display logon prompts in terminal window enabled in the sessions you connect manually (or in Default session if it's an ad hoc connection). That option is found in the Connection / Logon Actions category of Session Options.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

#7 powerponch (Registered User), 04-07-2020, 10:44 AM
Thank you for the reply.

My remote target device is only one: a Cisco router enabled with SSH.

I think I wasn't clear on that part before, but this single device is the one to which I can login successfully with the code I mentioned before, but sometimes prompts that pop-up for the password.

Both situations on the same device without doing anything different but clicking my button to trigger the python script.

I collected the Trace Options. What should I look at in the output, sorry?

About the Display logon prompts in terminal window, my intention is not to collect anything manually, but to let the script run on a scheduled basis without supervision. It must not stop with the pop-up that appears sometimes.

#8 bgagnon (VanDyke Technical Support), 04-07-2020, 10:52 AM
Hi powerponch,

I am very clear on your goal. My suggestions are troubleshooting steps and sometimes those must be done manually.

Quote:
I think I wasn't clear on that part before, but this single device is the one to which I can login successfully with the code I mentioned before, but sometimes prompts that pop-up for the password.
Then it is likely a broken SSH server and I don't think there is anything you can do on the client side to compensate for that but I would still like to have a look at Trace Options output.

Please send to support@vandyke.com as an attachment to email and reference Attn Brenda - Forum Thread #14137 in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730