There are so many prompts outside that we cannot include them all. AFAIK there's generic support for unknown prompts that pops up a window showing you the prompt (or generally spoken: the output as received from the remote side) and letting you enter the matching response. I am not sure when this comes up and how to trigger it. I have seen it a few times when testing with a custom MFA at a customer but I never managed to successfully use it. I don't know why. Maybe some research is required here.
I would suggest to test this mechanism and make it somehow configurable. We could e.g. add a configuration item where you can specify the expected prompt and how to respond to it. Maybe also offer a global configuration where you can hold the expected prompts for multiple MFAs so you do not have to configure that on a per-connection basis. Uli On Sat, Aug 26, 2023 at 1:59 AM Orion Poplawski <or...@nwra.com> wrote: > > On 8/23/23 12:22, Grigory Shamov wrote: > > Hi Stefan, > > > > Thank you very much for your response! Yes, it looks like our SSH server > > "interactive" response for Yubikey/Duo is not being recognized by the > > current X2Go clients. > > The kind of response that looks like this: > > > > ==== > > (user@host) Duo two-factor login for user: > > > > Enter a passcode or select one of the following options: > > > > Passcode: > > ==== > > > > We are running an HPC machine here, with user authentication coming from a > > National-wide HPC organization, that chose Duo for MFA. We cannot easily > > just pick a random 2nd factor vendor. > > > > The related common SSH/SFTP/SCP GUI clients like PuTTY and and MobaXterm > > and FileZilla do not seem to have this issue, at least in recent versions. > > (I just had a user that out of exasperation tried to run X2go over an SSH > > client created by Putty which is of course impossible) . > > > > I think the main difference between x2goclient and at least putty is > that x2goclient is managing the ssh interaction and feeding the prompts > as needed. putty is simply presenting the prompts to the user and > allowing them to interact with them. I'm not sure x2goclient has any > other way to know that the connection is waiting for more authentication > input. > > x2go client has the following known prompts: > > const QString SshMasterConnection::challenge_auth_code_prompts_[] = { > "Verification code:", // GA > (http://github.com/google/google-authenticator) > "One-time password (OATH) for", // OATH > (http://www.nongnu.org/oath-toolkit/pam_oath.html) > "passcode:", // MOTP (http://motp.sourceforge.net) > "Enter PASSCODE:", // SecurID > "YubiKey for" // YubiKey > (https://en.wikipedia.org/wiki/YubiKey) > }; > > which is close. We could either add "Passcode:" for Duo, or make the > comparison case insensitive. > > -- > Orion Poplawski > he/him/his - surely the least important thing about me > IT Systems Manager 720-772-5637 > NWRA, Boulder/CoRA Office FAX: 303-415-9702 > 3380 Mitchell Lane or...@nwra.com > Boulder, CO 80301 https://www.nwra.com/ > > _______________________________________________ > x2go-user mailing list > x2go-user@lists.x2go.org > https://lists.x2go.org/listinfo/x2go-user _______________________________________________ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user