Discuss this help topic in SecureBlackbox Forum

Authenticate with a keyboard-interactive authentication

Keyboard-interactive authentication is in general case a series of question asked by the server with responses provided by the client. The most common scenario of keyboard-interactive authentication is where the server asks one question "Please provide your password" and the client responds with a valid password. While looking similar to password-based authentication, keyboard-interactive is a completely different authentication type which may work separately from or in parallel with standard password authentication. There is no restrictions on the number of questions asked on a particular authentication stage; there is also no restrictions on the number of stages involving different sets of questions.

SecureBlackbox handles the simplest case of keyboard-interactive authentication (password request) automatically, so you do not need to do anything but add the SSH_AUTH_TYPE_KEYBOARD flag to your component's AuthenticationTypes flag set. More sophisticated cases will require some coding from you though.

Handling keyboard-interactive authentication in general case is mainly about handling the SSH component's OnAuthenticationKeyboard event. This event is fired each time the server sends in a list of questions.

C#:


void handleAuthenticationKeyboard(object sender, TElStringList prompts, bool[] echo, TElStringList responses)
{

}

The event gets three parameters. The prompts list contains a list of questions to be asked to the user. There is no particular order in which the questions should be asked; they all may as well be displayed at the same time.

The echo array contains a list of boolean flags corresponding to the questions (so the lengths of both lists are the same) and indicating whether user's reply for a particular question should be echoed on the screen while they are typing (true if it should be echoed, or false if it should be hidden).

User's answers should be recorded and then added to the responses list in the same order as the questions. The number of answers in responses list should match the number of questions in prompts.
Example:

prompts : { "what's your name?", "what's your date of birth?", "what's your PIN?" }
echo: { true, true, false }
responses (added by your handler): { "Mick", "10/10/1980", "12345" }

In the simplest case (password request), OnAuthenticationKeyboard is fired once, and the prompts parameter either contains one (password) or two (username and password) questions.

Note that you must provide your username via your SSH component's Username property when using this type of authentication.

How To articles about SFTP client

Discuss this help topic in SecureBlackbox Forum