Solution for saving password and allow token

[whabeck]

I am attempting to save my password for devices (which is static), but then allow for the addition of a token (which changes every login).

I believe one simple solution is to allow Keyboard Interactive mode to not automatically enter a carriage return when a password has been saved. When it does this, it is no different than the Password method.

If I can save a password in Keyboard Interactive mode, then have it prompt for more input (which this mode is for), that would be ideal.

Has anyone worked out a good solution for this issue?

[jdev]

The behavior you are currently seeing in SecureCRT is by design.

If there is any value saved in the Password or Keyboard-Interactive Properties of the saved session in SecureCRT, SecureCRT automatically sends it as part of its authentication attempt.

There currently isn't any way to suppress sending that saved data or asking for any additional token data when a password-saved auth attempt is being made.

One option would be to clear out any saved password in the Keyboard-Interactive/Password Properties window, and instead utilize SecureCRT's Logon Actions Expect/Send functionality to accomplish the saved/automated authentication. If you're unfamiliar with this concept, you can read more about it in this existing forum post.

In your case, you wouldn't be sending any 'ssh' command to get to a secondary host. Instead, you'd be deleting the default Username and Password entries and replacing both with a single entry that simply waits for (AKA: "Expect") the keyboard-interactive prompt that the server sends, and acts upon that.

Note: In order to use the Automate logon Expect/Send sequences for SSH2 protocol connections, you need to open your saved Session Options, navigate to the Logon Actions category and perform these two changes:

• Disable the Send initial carriage return option.
• Enable the Display logon prompts in terminal window option.

While any Logon Actions "Send" field will automatically have an embedded CR sent as well, what you can do is use the \v substitution to send what's in the clipboard. For example:

Expect:
Password:

Send:
static_pwd_here\v

With such a setup, one could copy the token to the clipboard just prior to connecting to the saved session and the authentication will be automated by sending the static password followed immediately by the contents of the clipboard.

Since copying the token to the clipboard prior to authenticating isn't always ideal, I've created a feature request for the option to suppress the implicit/embedded CR that is sent with each and every Send action in a Logon Actions sequence. While the product director may evaluate this request for potential inclusion in a future release, I don't yet have any ETA for when or even if this might ever become available. However, if something along these lines becomes available, we will be happy to post here in this forum thread.