search

trzsz / trzsz-ssh

trzsz-ssh ( tssh ) is an ssh client designed as a drop-in replacement for the openssh client. It aims to provide complete compatibility with openssh, mirroring all its features, while also offering additional useful features. Such as login prompt, batch login, remember password, automated interaction, trzsz, zmodem(rz/sz), udp mode like mosh, etc.
https://trzsz.github.io/ssh
MIT License
1.72k stars 102 forks source link

Support for 2FA? #69

Closed duanjiong closed 10 months ago

duanjiong commented 10 months ago

There is currently no relevant configuration from the documentation

lonnywong commented 10 months ago

If the ssh server asks you for 2FA, tssh should support it. 2FA is generally implemented using keyboard interactive authentication. Could you provide more information about the 2FA you are using?

duanjiong commented 10 months ago

If the ssh server asks you for 2FA, tssh should support it. 2FA is generally implemented using keyboard interactive authentication. Could you provide more information about the 2FA you are using?

I mean like auto-typing 2FA, the code for 2FA changes all the time, the ones in the docs are currently fixed inputs

duanjiong commented 10 months ago

2FA Dynamic values can be obtained by scripting oathtool --totp -b ****

Ref: https://www.iots.vip/post/iterm2-jumpserver-totp-autocomplete.html

lonnywong commented 10 months ago

OK, let's do it with:

Host xxx
    OtpCommand1 oathtool --totp -b ****  # similar to QuestionAnswer1
    encOtpCommand2 23d7bc18fa6661567a43f6d0f26e314dda637b7bd38afa028f3d14fb80c085b666de1b8a05cb21f54a0b8e92c308def52ae967
    otp636f64653a20 oathtool --totp -b ****  # 636f64653a20 is hex of `code: `
    encotp636f64653a20 23d7bc18fa6661567a43f6d0f26e314dda637b7bd38afa028f3d14fb80c085b666de1b8a05cb21f54a0b8e92c308def52ae967
duanjiong commented 10 months ago

OK, let's do it with:

Host xxx
    OtpCommand1 oathtool --totp -b ****  # similar to QuestionAnswer1
    encOtpCommand2 23d7bc18fa6661567a43f6d0f26e314dda637b7bd38afa028f3d14fb80c085b666de1b8a05cb21f54a0b8e92c308def52ae967
    otp636f64653a20 oathtool --totp -b ****  # 636f64653a20 is hex of `code: `
    encotp636f64653a20 23d7bc18fa6661567a43f6d0f26e314dda637b7bd38afa028f3d14fb80c085b666de1b8a05cb21f54a0b8e92c308def52ae967

Is this a feature that will be implemented later? Or is it already supported?

lonnywong commented 10 months ago

Later, maybe this weekend.

lonnywong commented 10 months ago

Done in https://github.com/trzsz/trzsz-ssh/commit/f83d4e5f4ba96061fd0e7aa0329a8c051b7ae106

If ControlMaster multiplexing is enabled or using Warp terminal, configure as follows:

Host case1
    #!! CtrlExpectCount 1
    #!! CtrlExpectPattern1 token:  # the password prompt
    #!! CtrlExpectSendOtp1 oathtool --totp -b ****

Host case2
    #!! CtrlExpectCount 1
    #!! CtrlExpectPattern1 token:  # the password prompt
    #!! CtrlExpectSendEncOtp1 23d7bc18fa6661567a43f6d0f26e314dda637b7bd38afa028f3d14fb80c085b666de1b8a05cb21f54a0b8e92c308def52ae967
duanjiong commented 10 months ago

Good. It's working.

lonnywong commented 9 months ago

现在 main 分支支持直接配置 totp 的 secret 了,要在 v0.1.19 发布之后生效,或者这样安装 go install github.com/trzsz/trzsz-ssh/cmd/tssh@main,安装的路径在 ~/go/bin/

配置对比: otp command totp secret
OtpCommand1 oathtool --totp -b **** TotpSecret1 ****
encOtpCommand2 ... encTotpSecret2 ...
otp636f64653a20 oathtool --totp -b **** totp636f64653a20 ****
endotp636f64653a20 ... enctotp636f64653a20 ...
ExpectSendOtp1 oathtool --totp -b **** ExpectSendTotp1 ****
ExpectSendEncOtp1 ... ExpectSendEncTotp1 ...
CtrlExpectSendOtp1 oathtool --totp -b **** CtrlExpectSendTotp1 ****
CtrlExpectSendEncOtp1 ... CtrlExpectSendEncTotp1 ...