billchurch / webssh2

Web SSH Client using ssh2, socket.io, xterm.js, and express.
MIT License

Add support for keyboard interactive authentication #224

Open rettenbs opened 3 years ago

rettenbs commented 3 years ago

We have a server with a 2-factor login enabled. Hence, the default password authentication is not supported, only keyboard-interactive to enter password + second factor.

Using WebSSH to connect to the server I get the error "All configured authentication methods failed".

billchurch commented 3 years ago

This is a good idea, will look into this. Will most likely need to target 0.5.0 but it may be possible.

rettenbs commented 3 years ago

Let me know if you have a branch which I can test.

I also noticed something else that is somehow related. Some browsers (e.g. Firefox) remember the user/password of the basic authentication and do not ask again. This happens even if the authentication fails or if you want to connect to a different server with a different user/password.

Maybe it is possible to use the terminal to enter username, password and second factor as an alternative to basic auth, similar to PuTTY.

billchurch commented 3 years ago

Yeah, for better or worse, Firefox's behavior has been pretty consistent in this regard. Chrome seems to respond to a 401 as you would expect, prompting the client for credentials again. Firefox is having none of that.

The RFC suggests if you give a 401 for another URL (say /reauth) the client should prompt for credentials, but I just tried this in Firefox (I moved /ssh/reauth to /reauth) and Firefox does NOT reprompt.

As you suggest, we need to handle this in the browser via a form or something, and I think that's the only way it will get solved.

Let me get 0.4.0 wrapped up and I'll start experimenting.

billchurch commented 3 years ago

244
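
The request in this thread maps onto the ssh2 client's `tryKeyboard` connect option and its `keyboard-interactive` event. As an added example (not part of the thread and not webssh2's code), one way to relay the server's prompts for password and second factor to the browser over the existing socket; the helper name and the event names `ssh-prompt` / `ssh-prompt-reply` are assumptions:

```javascript
// Added example, not webssh2 code. `socket` is the per-browser socket.io socket;
// the event names 'ssh-prompt' and 'ssh-prompt-reply' are assumptions.
function makeKeyboardInteractiveHandler(socket, timeoutMs = 60000) {
  // Same argument order as the ssh2 client's 'keyboard-interactive' event.
  return function onKeyboardInteractive(name, instructions, lang, prompts, finish) {
    // A round may carry zero prompts (info only); it still needs an empty reply.
    if (!Array.isArray(prompts) || prompts.length === 0) return finish([]);

    let done = false;
    const settle = (answers) => {
      if (done) return; // finish() must be called once per round
      done = true;
      clearTimeout(timer);
      socket.removeListener('ssh-prompt-reply', onReply);
      finish(answers);
    };
    const onReply = (answers) => {
      // Expect one string per prompt, in prompt order; otherwise send nothing on.
      const ok = Array.isArray(answers) && answers.length === prompts.length &&
        answers.every((a) => typeof a === 'string');
      settle(ok ? answers : []);
    };
    // An abandoned browser tab must not keep the SSH handshake open.
    const timer = setTimeout(() => settle([]), timeoutMs);
    socket.once('ssh-prompt-reply', onReply);

    socket.emit('ssh-prompt', {
      name,
      instructions,
      // echo === false marks a secret (password, one-time code): mask it in the UI.
      prompts: prompts.map((p) => ({ prompt: String(p.prompt), echo: p.echo === true })),
    });
  };
}

// Wiring with ssh2 (needs the ssh2 package, so it is left as a comment):
//   conn.on('keyboard-interactive', makeKeyboardInteractiveHandler(socket));
//   conn.connect({ host, port, username, tryKeyboard: true });
```

Because the answers are collected per connection attempt and passed straight to `finish`, nothing is cached in the browser's Basic auth store, which also sidesteps the Firefox credential reuse discussed above.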