1. Home

Product groups

Support

Request a password only if needed - WeOnlyDo Discussion board

Request a password only if needed (General questions)

by Marian, Thursday, April 29, 2010, 16:14 (5321 days ago)

Hello,
I'm testing SSH.NET for making a terminal program like SecureCRT.

I have noticed (with a sniffer) when connecting to my router using SecureCRT without providing any user name or password, it is establishing connection and then prompts for user name. after providing the username, some packets are sent then it prompts for password.

Now, I was wondering how could SecureCRT recognize when a user name is required and when a password ?

I suspect it's because of the cipher, but could not understand how this 3 states connection can be done with your component.

Thanks for the help.
Marian.

locked
  2268 views

Re: Request a password only if needed

by woddrazen, Thursday, April 29, 2010, 17:02 (5321 days ago) @ Marian

Hi Marian,


Which protocol are you using in SecureCRT when you connecting to your server?


Regards,
Drazen

locked
  2232 views

Re: Request a password only if needed

by Marian, Thursday, April 29, 2010, 17:26 (5321 days ago) @ woddrazen

Sorry if I was clear.
I'm using SSH2

locked
  2221 views

Re: Request a password only if needed

by woddrazen, Thursday, April 29, 2010, 19:22 (5321 days ago) @ Marian

Marian,


Probably you server is using keyboard interactive authentication.

If you would like to use interactive session in wodSSH.NET you should select KeyboardInteractive authentication in wodSSH.NET Authentication Property.

When KeyboardInteractive is selected LoginChallenge Event should be fired. Inside LoginChallenge Event server will send some challenge text, you must reply with the correct responses to successfully authenticate.

You can do that using Args.Prompt which should be used to receive challenge prompt requested by the server. Using Args.Response you can send your response to server challenge prompt.

Let us know how it goes.


Drazen

locked
  2245 views

Re: Request a password only if needed

by Marian, Thursday, April 29, 2010, 22:37 (5320 days ago) @ woddrazen

Hi Drazen,
Thanks for your reply.

The code I have is this:
[code] SSH client = new SSH();
client.ConnectedEvent += new SSH.ConnectedDelegate(client_ConnectedEvent);
client.CryptoInformationEvent += new SSH.CryptoInformationDelegate(client_CryptoInformationEvent);
client.DataReceivedEvent += new SSH.DataReceivedDelegate(client_DataReceivedEvent);
client.FingerPrintEvent += new SSH.FingerPrintDelegate(client_FingerPrintEvent);
client.LoginChallengeEvent += new SSH.LoginChallengeDelegate(client_LoginChallengeEvent);
client.Protocol = SSH.SupportedProtocols.SSHAuto;
client.Authentication = SSH.Authentications.KeyboardInteractive;
client.Connect( 10.100.100.1 );
[/code]

The client_FingerPrintEvent gets fired first, and then client_CryptoInformationEvent and finally client_ConnectedEvent with an error: Server returned the error: Invalid password!

Meaning the LoginChallenge is never called.
The server is actually a Cisco 7200, with ssh enabled (RSA)

locked
  2238 views

Re: Request a password only if needed

by woddrazen, Thursday, April 29, 2010, 23:55 (5320 days ago) @ Marian

Marian,


Are you sure that keyboard interactive authentication is enabled on your server?

Can you maybe check your server settings and see if this type of authentication is enabled?

I just try it out using our server and it worked without any problem.


Drazen

locked
  2268 views

Re: Request a password only if needed

by Marian, Friday, April 30, 2010, 08:19 (5320 days ago) @ woddrazen

Dear Drazen,
I'm not 100 sure keyboard interactive is enabled on my device, since I'm a programmer more than a network guy.
BUT, I am 100 SecureCRT and ZOC (another terminal software) both are able to connect, and request for password in the middle of the connection.

ZOC even allows me to enter a wrong password 3 times before the Cisco device is throwing me away.

I will try to setup some port forwarding so you will be able to access my router and check for yourself.

Many thanks for your will to help.
Marian.

locked
  2267 views

Thank you very much for the rapid responses. I was a little nervous about dealing with a company that is on a different continent from me. You have proven my concerns to be unfounded.

Robert Pacheco
Surebridge, Inc.

The SFTP ocx is one of the finest pieces of programming I have seen. It worked out of the box...

Kenneth R. Robinette
InterSoft International

Thank you so much for your hard work and commitment in producing well thought-out solutions. WeOnlyDo is very committed to customer satisfaction!

Mike McPherson
Nokia Inc.

Don't be fooled by the cost, it's value and quality far exceeds the price being charged!

Ian D. Mead, author of UltraEdit-32
IDM Computer Solutions

...I'm extremely impressed with the product, it represents excellent value for money...

Danny Haworth
Assetdisk

Your professionalism is reflected into your email, your product and your web site. I am confident that these will make the difference.

Sylvain Paquette
R&D Analyst at InfoPharm Inc.

...what I really like is that wodSSH and wodSFTP components work excellently and are constantly being improved...

Steven Jones
SABIEN project

The people at WeOnlyDo are amazing! ... I always get a super fast response from customer service, and the products are great too. Thanks WeOnlyDo

Jeff Hall
Occupational Health Research

...I'm extremely impressed with the product, it represents excellent value for money...

Danny Haworth
Assetdisk

The SFTP ocx is one of the finest pieces of programming I have seen. It worked out of the box...

Kenneth R. Robinette
InterSoft International