Discuss this help topic in SecureBlackbox Forum

Authenticate with multiple methods

Certain SSH servers might require their users to use several authentication types in a row when logging in. A relatively common combination is public key + password, yet public key + keyboard interactive bundle is also used sometimes.

Handling multi-factor authentication is no harder than handling simple authentication. Basically, you just configure different authentications individually, and the SSHBlackbox component you are using brings them together.

You can read more about using password-based, keyboard-interactive and public key authentication types by following the links.

For example, to configure the component to use key-based authentication and password authentication, you

  1. load your private key into a TElSSHMemoryKeyStorage as described in the relevant article and attach it to the KeyStorage property of the component
  2. Independently, you assign the password to the Password property
  3. You also add the needed authentication type flags to the AuthenticationTypes property
  4. Remember to set the username too

Example:

C#:


// load your private key into a TElSSHMemoryKeyStorage and attach it to the KeyStorage property of the component
sshClient.KeyStorage = myKeyStorage;

// Independently, you assign the password to the Password property:
sshClient.Password = myPassword;

// You also add the needed authentication type flags to the AuthenticationTypes property:
sshClient.AuthenticationTypes = SBSSHConstants.Unit.SSH_AUTH_TYPE_PASSWORD or SBSSHConstants.Unit.SSH_AUTH_TYPE_PUBLICKEY;

// Remember to set the username too:
sshClient.Username = myUsername;

Additionally, you might want to adjust the order in which the authentication of different types is performed. Sometimes it is regulated by a server's policy, in the other cases you just want to minimise hassle for your users. This can be done with SSHAuthOrder property, which takes the following values:

  • aoDefault : default order (keyboard-interactive, public key, password, host-based)
  • aoKbdIntLast : keyboard-interactive is shifted to the end of the list;
  • aoCustom: custom authentication order. Use AuthTypePriorities property to specify custom priorities for different authentication types.

How To articles about SFTP client

Discuss this help topic in SecureBlackbox Forum