Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSH in-browser and key authentication options exclusives? #946

Open
drustan opened this issue Feb 16, 2024 · 7 comments
Open

SSH in-browser and key authentication options exclusives? #946

drustan opened this issue Feb 16, 2024 · 7 comments

Comments

@drustan
Copy link

drustan commented Feb 16, 2024

Hello!

First of all, big thanks for this amazing project; it truly is a fantastic tool :)

Now, I've encountered an issue where, if I enable both the "in-browser" and "key" authentication methods for SSH, the in-browser validation appears to malfunction. Attempting to click the button to authorize the connection results in no action.

Cheers and thanks again!
@Eugeny
Copy link
Member

Eugeny commented Feb 16, 2024

I haven't tested this directly, but have you also confirmed the keyboard-interactive prompt in the SSH client after clicking Authorize in the browser? The client is going to wait for your input before checking whether the auth was successful or not.

@drustan
Copy link
Author

drustan commented Feb 17, 2024

Yes, I did check that. When you hit enter in the shell, the shell hangs like when you did not authorized the connection.

It's actually working well when only the "in-browser" option is activated.

It would be nice to implement a feature that displays a "connection not authorized" message where the connection hasn't been validated by the user. This would clarify the connection status.

@budachst
Copy link

Can you please tell me, how you configured that? I can't find any documentation about this feature.

@drustan
Copy link
Author

drustan commented Feb 20, 2024

You can configure that for each user in Config / Users / youruser

Screenshot from 2024-02-20 17-54-24

@budachst
Copy link

Ahh… cool! Really nice. As for your question about whether in-browser and key authentication are exclusives, to me it seems that they're actually inclusive. If you activate either, you can't use the in-browser auth alone, but your keys must match as well. This is actually great stuff and I am so happy, that I stumbled across this.

@drustan drustan mentioned this issue Mar 11, 2024
Open
@SheaSmith
Copy link
Contributor

I think it depends what options you have setup. For example, if you select 'Any credential', then either the key OR the OOB auth can be used. Whereas if you enable both the key and OOB/in-browser auth, then both will be required.

For example, either key or OOB/in-browser would be enabled in this scenario:
image

Whereas both key and OOB/in-browser would be required in this scenario:
image

There seems to be a separate bug where if you have 'Any credential' enabled, only SSH keys and SSO configured for a user, and a key doesn't match (and so isn't used for auth) a password is prompted instead of keyboard interactive auth, but I'll make a separate issue for that.

@theMackabu
Copy link

theMackabu commented May 1, 2024
edited

ive been having this exact same issue, temporary fix is to create another account with the name sso (or similar) and have that only be able to use browser authentication

edit: should have commented this in issue #972

@theMackabu theMackabu mentioned this issue May 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Eugeny @drustan @budachst @theMackabu @SheaSmith