darkoperator / Posh-SSH

PowerShell Module for automating tasks on remote systems using SSH
BSD 3-Clause "New" or "Revised" License

Support for "password:" password prompts #186

Open ahmedchater opened 6 years ago

ahmedchater commented 6 years ago

For our network devices, we use TACACS for network access authentication, which uses a custom password prompt to differentiate from logging in with a local account. In other words, here's the local password prompt:

=============================== TOS =============================== Password:

and here's the network password prompt:

=============================== TOS =============================== Ops password:

This can be supported if you update the following line in NewSessionBase.cs from: if (prompt.Request.Contains("Password")) to if (prompt.Request.Contains("assword"))

I'm new to GitHub so I don't know what the protocol is. I didn't want to make the change myself, so I figured I would submit it as an issue and get your thoughts on it. Thanks!

darkoperator commented 6 years ago

Will take a look, might need to make it a parameter with a default value.

the-chef commented 6 years ago

If this could be parameterized, that would be fantastic. I work with a setup that uses keyboard-interactive logins only, and the password prompt is PASSCODE rather than Password.

keithga commented 4 years ago

^ THIS

There are multiple kinds of authentication prompts, not just "Password:". However, Posh-SSH will only respond back to prompts that contain the string "Password".

In my CentOS environment, when the password is expired (which is something I REQUIRE, during default setup procedures), it will respond back with the following prompts:

Password:
You are required to change your password immediately (root enforced)\nChanging password for tanadmin.\n(current) UNIX password: 
New Password:
Confirm new password:

Even if the code was changed above with the change from ahmedchater, it still wouldn't solve this basic problem, because Posh-SSH would respond back to each of the prompts using the old password, not with the new password. Additionally, dropping any additional prompts from bubbling up to the console.

The Design Change here would be to make KeyboardInteractive really keyboard interactive, and instead of just assuming the request is "Password:", to send the requests to the console stream for use there.

I admit this is not a trivial change. Right now the SSH.NET code assumes that the connection has been authenticated before establishing a stream connection.
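
The prompt handling discussed in the comments above, as an added example that is not code from Posh-SSH or SSH.NET: it classifies each keyboard-interactive prompt by its last line, so a "new password" prompt is never answered with the current password and unrecognised prompts are surfaced instead of dropped. The `PromptResponder` class, the `Secret` enum and the `PASSCODE:` and `Verification code:` sample prompts are assumptions made for illustration; in the module the classification would be applied to each `prompt.Request`.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical helper for illustration; not part of Posh-SSH or SSH.NET.
public enum Secret { Current, New }

public static class PromptResponder
{
    // Ordered rules: the new/confirm rule must come before the generic one,
    // because "New Password:" also contains "assword".
    static readonly (Regex Pattern, Secret Kind)[] Rules =
    {
        (new Regex(@"\b(new|confirm|retype)\b.*pass(word|code)", RegexOptions.IgnoreCase), Secret.New),
        (new Regex(@"pass(word|code)\s*:\s*$", RegexOptions.IgnoreCase), Secret.Current),
    };

    // Servers may prepend banner text; only the last non-empty line is the prompt.
    public static string LastLine(string request) =>
        request.Split('\n').Select(l => l.Trim()).LastOrDefault(l => l.Length > 0) ?? "";

    // Returns which secret the prompt asks for, or null when it is not recognised.
    public static Secret? Classify(string request)
    {
        string last = LastLine(request);
        foreach (var (pattern, kind) in Rules)
            if (pattern.IsMatch(last)) return kind;
        return null;
    }

    public static void Main()
    {
        // Constructed sample input: prompts quoted in this thread plus two assumed ones.
        string[] prompts =
        {
            "Password:", "Ops password:", "PASSCODE:",
            "You are required to change your password immediately (root enforced)\nChanging password for tanadmin.\n(current) UNIX password: ",
            "New Password:", "Confirm new password:", "Verification code:",
        };
        foreach (string p in prompts)
        {
            Secret? kind = Classify(p);
            Console.WriteLine(kind is null
                ? $"UNHANDLED (surface to caller, send no secret): {LastLine(p)}"
                : $"{kind,-7} <- {LastLine(p)}");
        }
    }
}
```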

darkoperator commented 4 years ago

If you can get a PR for SSH.Net I can fork it and use that inside the module. At the moment I have been avoiding forking the library, but I am considering doing it and using PRs others submit to it.


asztymelski commented 4 years ago

Any progress on that, guys? Are you still working on any solution to that? I have the same issue on my CentOS. Thanks in advance.