Two Factor with SMS works on GUI but not scripting

Advertisement

patricia
Guest

Two Factor with SMS works on GUI but not scripting

Hello! I've read several posts that talk about how WinSCP scripting does not support multi-password authentication (like here – Two passwords needed to enter server and WinSCP and Two Factor Authentication With One Time SMS Password). I'm trying to access an account via FTP that requires user to enter an extra verification code sent to them via SMS after the initial login attempt. When I use the GUI, it will prompt me a second time for a "password" after notifying the first login (with user and password) didn't work. I need that initial attempt however to trigger the code being sent to my phone. Once I enter the verification code at the second password prompt, login is successful. I attached the log file.

Is there a way to replicate this behavior in the PowerShell scripting? Can the login failure not shut us out from sending another password? That way we can prompt the user for it? Attaching the log for the scripting version as well.

Thank you!

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,984
Location:
Prague, Czechia

Re: Two Factor with SMS works on GUI but not scripting

What I see in the GUI log is that when you connect the first time, a password authentication fails. And then you connect second time and the password authentication succeeds. I do not see any multi-password authentication. Does the server somehow remember that you have made a connection attempt (from the same IP? with the same username?) earlier with a correct password, and then when you authenticate with an SMS code (as a password), it lets you in? Well, then you can do the same with scripting or .NET assembly.

Reply with quote

patricia
Guest

I'm guessing that is how it works. I'm adding some screenshots. I start the login with just my username then it prompts me for my password, it fails (at which point I receive the SMS), the GUI then provides another password box where I type in the verification code and login succeeds. Do you have any tips for translating this to the script or more specifically for trying to update the parameters of the session without starting a new one? I'm attaching my code below but my current approach is just calling New-WinSCPSession a second time and inputting the same username with a different password. It failed with a note that CAPTCHA is required. Once I logged in manually from the browser my script was able to logon. Any tips on resolving the CAPTCHA without the browser or not triggering it in the first place?
Thank you!
# Ask for credential, export to encrypted file, then import
$credential = Get-Credential
$credential | Export-Clixml ftpcredentials.xml
$ftpcredentials = Import-Clixml ftpcredentials.xml
 
New-WinSCPSession -SessionOption (New-WinSCPSessionOption -Credential $ftpcredentials -HostName "ftp.box.com" -Protocol Ftp) -SessionLogPath "C:\Users\patsm\Downloads\logfile.txt"
 
# ask for credentials again so user can input verification code as password
$credential = Get-Credential
$credential | Export-Clixml ftpcredentials.xml
$ftpcredentials = Import-Clixml ftpcredentials.xml
 
New-WinSCPSession -SessionOption (New-WinSCPSessionOption -Credential $ftpcredentials -HostName "ftp.box.com" -Protocol Ftp) -SessionLogPath "C:\Users\patsm\Downloads\logfile2.txt"

WinSCP_GUI_Screenshots.png

Reply with quote

martin
Site Admin
martin avatar

Your code is imo equivalent of what you do in GUI.
If that does not work, please post session log files from your script.
I do not understand the part about captcha. How does it work?

Reply with quote

Advertisement

You can post new topics in this forum