Two-factor authentication

Advertisement

aruhela
Joined:
Posts:
5

Two-factor authentication

Hi Support Team,

The issue is regarding two-factor authentication. I am able to login on my web server by just providing the token key with an already stored password. However, whenever I edit the first file opened from the WinSCP explorer and save it, WinSCP asks for authentication again. At this time, WinSCP asks for both password and token.

This bug is very similar to "Minor problem with ssh google two-factor authentication". I am attaching the debug logs for your reference.

Thanks and Regards,
Amit Ruhela
  • server1.log (576.58 KB, Private file)
Description: A few information like server name and IP address are changed in this file. If there are any other sensitive texts like ssh keys in this attachment, please let me know or delete it on your server file.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
29,502
Location:
Prague, Czechia

Re: Two-factor authentication

And what is the expected behavior? Do you expect no prompt at all (reusing password and token)? Or is the token one-time only, and you expect no password prompt, but you need a token prompt for a new token?

Reply with quote

aruhela
Joined:
Posts:
5

Re: Two-factor authentication

martin wrote:

And what is the expected behavior? Do you expect no prompt at all (reusing password and token)? Or is the token one-time only, and you expect no password prompt, but you need a token prompt for a new token?

Since a user has already logged in to the remote server, therefore, I expect WinSCP not to ask the authentication again while doing file modification. If not possible for some reason, then, for the ease of users, WinSCP should use the already stored password and only ask for the token to be entered.

WinSCP never asks for second time authentication until all files are only read. Only, when a file is modified, it requests for second time authentication. Once credentials are verified, one can modify several files without any further authentications.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
29,502
Location:
Prague, Czechia

Re: Two-factor authentication

aruhela wrote:

Since a user has already logged in to the remote server, therefore, I expect WinSCP not to ask the authentication again while doing file modification. If not possible for some reason, then, for the ease of users, WinSCP should use the already stored password and only ask for the token to be entered.
Files saved in an editor are put to a transfer queue for an upload. The queue (must) uses a different connection, so it needs a new authentication. WinSCP actually remembers the token (assuming it's a password) and re-tries it for the authentication. That fails (I assume the token is one-time only) and WinSCP restarts the authentication from the scratch, not using a stored password, as it does not know what caused failed authentication (which of the two "passwords"). Try turning off Remember password for duration of the session:
https://winscp.net/eng/docs/ui_pref_security

Reply with quote

aruhela
Joined:
Posts:
5

Re: Two-factor authentication

Thanks, Martin for the information and the suggestion.

Is it possible to create both the connections beforehand(at the time of first connection creation)?

Amit



martin wrote:

aruhela wrote:

Since a user has already logged in to the remote server, therefore, I expect WinSCP not to ask the authentication again while doing file modification. If not possible for some reason, then, for the ease of users, WinSCP should use the already stored password and only ask for the token to be entered.
Files saved in an editor are put to a transfer queue for an upload. The queue (must) uses a different connection, so it needs a new authentication. WinSCP actually remembers the token (assuming it's a password) and re-tries it for the authentication. That fails (I assume the token is one-time only) and WinSCP restarts the authentication from the scratch, not using a stored password, as it does not know what caused failed authentication (which of the two "passwords"). Try turning off Remember password for duration of the session:
https://winscp.net/eng/docs/ui_pref_security

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
29,502
Location:
Prague, Czechia

Re: Two-factor authentication

aruhela wrote:

Is it possible to create both the connections beforehand(at the time of first connection creation)?
No. Would that even help? I understood that you need a separate token for each. So you would still have to type a token twice. And you would possibly even not know, which token belongs to which connection, right?

Reply with quote

aruhela
Joined:
Posts:
5

Hi Martin,

Several times, I have opened two windows(one putty and another WinSCP) using the same token. It depends upon how fast you enter the token which remains the same for about 30 seconds. I believe it is possible to open two sessions in the background within WinSCP using the same token. if you can generate a temporary executable, I can give it a try.

Thanks,
Amit

Reply with quote

aruhela
Joined:
Posts:
5

Thanks, Martin for the quick fix. I really appreciate your efforts.

Is it possible to download the development version? if yes, can you point me the weblink?

Amit

Reply with quote

Advertisement

You can post new topics in this forum