Announcement

Collapse
No announcement yet.

BC 4 on MacOS connecting over SFTP with prompt

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • BC 4 on MacOS connecting over SFTP with prompt

    I am trying to set up a profile to connect to a server over SFTP (SSH), using my private-public key. There is a multi-factor authentication mechansim (Duo), which prompts during the connection attempt and asks for the type of MFA to use. For example, after the initial connection I am prompted to confirm by phone, email, or using Google MFA.

    I think the prompt is causing a problem for Beyond Compare. Is there a solution to handle MFA?

    I am using version 4.3.7 on MacOS Big Sur to connect to Linux RHEL 8.

  • #2
    Hi,

    This would be with Cisco duo.com, correct? What is the exact behavior you are seeing when you attempt to connect, and what does the log show? You can email us a copy of the log and any full screen screenshots to support@scootersoftware.com (along with a link back to this forum post for our reference).
    Aaron P Scooter Software

    Comment


    • #3
      Hi Aaron,

      Thanks for reply so quickly. Duo displays a prompt that takes the values 1, 2, or 3 as input. Each value identifies a different type of multi-factor authentication. When I try to use BC with SFTP, I don't see the prompts and I wonder if I am doing something wrong or if this is something BC doesn't support yet.

      I have had a few other applications that support password or key-based authentication via SSH/SFTP, but they don't handle prompts. I've attached an example from Cisco's web site that illustrates what would happen for SSH-based authentication with Duo.

      Click image for larger version

Name:	SSH-Login.png
Views:	46
Size:	15.2 KB
ID:	85350

      Comment


      • #4
        Thanks. I'll have to throw together a test environment to try to reproduce this sequential keyboard authentication. We should be able to handle multiple questions, but currently expect them to come in all at once. Or, if you have a test account we could try, you can email the details to support@scootersoftware.com (along with a link back to this thread for our reference).
        Aaron P Scooter Software

        Comment


        • #5
          We've tested BC's SFTP support with an OpenSSH server configured to use libpam-google-authenticator (Google Authenticator) as the second factor (so it prompts for a password first, then shows a second prompt asking for the MFA code) and BC4 works correctly in that case. Are you not getting a prompt at all, or is it showing a dialog within incomplete/missing information?

          In my testing here, there was an issue if the BC profile had the password saved though. In that case, it would still prompt for the password and MFA code, but then disconnect with a 10054 error code. In that case the log included the line "Password authentication failed" before "Keyboard interactive authentication successful".
          ZoŽ P Scooter Software

          Comment

          Working...
          X