General Purpose SSH Login that with works with devices that have both TACAS enabled or not.

Question

Hi, I need to access Cisco TACACS-enabled devices, and following these steps allows me to log into them.

https://forum.rebex.net/22012/ssh-login-cisco-ios-with-tacacs

However, I need this same codebase to access devices that need password authentication and not be limited to only the keyboard-interactive method. It seems all other SSH clients figure it out. Is there a better solution that allows the code to be flexible and work with different device types?

Thank you.

Answer 1

Hi,

You can instruct Rebex SSH to prefer 'keyboard-interactive' if available, and only use 'password' otherwise:

var ssh = new Rebex.Net.Ssh();
ssh.Settings.PreferInteractiveAuthentication = true;

ssh.AuthenticationRequest += (s, e) =>
{
    Console.WriteLine("Server: {0}", e.Name);
    Console.WriteLine("Instructions: {0}", e.Instructions); 

    foreach (SshAuthenticationRequestItem item in e.Items)
    {
        // display the prompt
        Console.WriteLine(item.Prompt);

        // get answer
        item.Response = Console.ReadLine();
    }
};

ssh.Connect(host);
ssh.Login(user);

var response = ssh.RunCommand("show int sum");
Console.WriteLine(response);

In this case, the AuthenticationRequest request handler would be called both for 'keyboard-interactive' (based on what the server asked for) and for 'password' (where it would just ask for the password).

Comments

The version I was currently using didn't have the PreferInteractiveAuthentication property, but I tried it with an updated version that does, and it works as expected.
Thank you

---

Yes, PreferInteractiveAuthentication property appeared i 2019, so at least v5.0.7206 is needed for this: https://www.rebex.net/sftp.net/history.aspx#2019R3.2