sftp google authenticator and two factor authentication

Support for Android version of Total Commander

Moderators: Stefan2, white, sheep, Hacker

User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 36220
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: sftp google authenticator and two factor authentication

Post by *ghisler(Author) » 2018-08-03, 19:52 UTC

Is there any particular text the library is looking for in the second prompt?
No, it's not - it just looks for "password" in any prompt, and assumes that it asks for the password then. I can try to exclude the above string, but then another server will surely come up with a slightly different request string...
Author of Total Commander
http://www.ghisler.com

Dogora
Junior Member
Junior Member
Posts: 8
Joined: 2018-07-30, 14:09 UTC

Re: sftp google authenticator and two factor authentication

Post by *Dogora » 2018-08-05, 21:24 UTC

Well, after playing around for too long, I give up.

I tried the Google Authenticator PAM module and the plugin prompted a second time for the verification code as expected. But, it never logs in. My server logs show the error "invalid verification code".

Then I went back to the other 2fa module, pam_oath.so. However, I used a hex editor to hack it so it prompts 'passward' instead of 'password'. The plugin now asks for the second code showing the hacked prompt. But, it doesn't work either. The server log says 'failed password'.

Every other method I have tried works. The plugin works for you guys, so I understand your position.

Many thanks for all your help. I will revisit this later when I have more time and get tired of working around it.
Last edited by Dogora on 2018-08-06, 13:08 UTC, edited 1 time in total.

User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 36220
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: sftp google authenticator and two factor authentication

Post by *ghisler(Author) » 2018-08-06, 07:00 UTC

Sorry to hear that you couldn't get it to work! Google Authenticator only works when 3 conditions are met:
1. The seed value is entered correctly
2. The time of both the server and the client are accurate (to about 1 minute)
3. The time zone is set correctly, because Google Authenticator uses UTC (universal time) for the time factor
Author of Total Commander
http://www.ghisler.com

Dogora
Junior Member
Junior Member
Posts: 8
Joined: 2018-07-30, 14:09 UTC

Re: sftp google authenticator and two factor authentication

Post by *Dogora » 2018-08-08, 00:52 UTC

Thanks, but I'm good with all that. My server uses NTP and my phone gets its time from the carrier. I'm using andOTP on the phone to generate the codes. Every other method I've tried for SSH or SFTP works, so my TOTP codes are working fine.

Since I just got key file login (pem) to work with the SFTP plugin, I'm good. I can SSH in as needed with 2fa from any terminal program, and SFTP in with the plugin using my key file.

Post Reply