[Cyberduck-trac] [Cyberduck] #7573: Separate dialog for keyboard-interactive prompts

Cyberduck trac at trac.cyberduck.io
Thu Nov 28 19:04:46 UTC 2013

#7573: Separate dialog for keyboard-interactive prompts
 Reporter:  samukallio   |         Owner:  dkocher
     Type:  enhancement  |        Status:  new
 Priority:  low          |     Milestone:
Component:  sftp         |       Version:  4.4
 Severity:  normal       |    Resolution:
 Keywords:               |  Architecture:
 Platform:               |

Comment (by samukallio):

 The most straightforward solution would be to bring up a dialog for each
 prompt in turn, containing the prompt message and a single input field for
 the answer. The input field would be a regular text field or a password
 field depending on the "echo" flag for that prompt. I've attached a
 screenshot showing how this is implemented in WinSCP. Here, "#AC login:"
 is the prompt message and the field is a regular text field (echo on).

 Generally speaking, it's not possible for a client application to know for
 sure the meaning of any prompt, because the challenge-response
 authentication method can't convey any metadata about them. Still, if the
 server is simply doing normal password authentication using challenge-
 response, sending a simple "Password:" prompt, it's probably safe to
 assume that is the password. Currently, Cyberduck assumes that the first
 prompt is always the password prompt regardless of the message or value of
 the echo flag.

 Here is how I would implement this:

 - If this is the first prompt, echo=off and the message is "Password:",
 assume it's asking for the user's password. Supply the value from the
 standard user/password dialog (or automatically, if the user chose
 remember password). If that is all the server wants, then the user doesn't
 have to deal with the challenge/response prompt dialog.
 - If this is the first prompt, but the prompt it something else, then
 don't assume anything and just present the user with the
 challenge/response dialog. Don't record the answer anywhere (as in
 "remember password"), since it's not really possible to say if this is a
 one-time value (e.g. google authenticator code) or not.
 - For all the rest of the prompts, present the challenge/response dialog.

 Note that if a "Password:" prompt comes in after the first prompt, it
 might not correspond the password for the SSH user. This is the case for
 the service depicted in the screenshot, where it first asks the user for
 his e-mail address, and then for a password corresponding to that e-mail
 address (not the SSH user).

Ticket URL: <https://trac.cyberduck.io/ticket/7573#comment:2>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list