Authenticating the Client with Keyboard Interactive Authentication

keyboard-interactive is an SSH authentication mechanism that allows generic challenge-response type authentication. This can vary from a single prompt for the users’ password to multiple rounds of challenges. 

To support this type of authentication in Maverick Synergy, you must provide a KeyboardInteractiveCallback implementation. Let’s look at how we would set this up:

ssh.authenticate(new KeyboardInteractiveAuthenticator(new KeyboardInteractiveCallback() {
    public void init(SshConnection connection) {
    }
    public void showPrompts(String name, String instruction, KeyboardInteractivePrompt[] prompts,
               KeyboardInteractivePromptCompletor completor) {
    }
}), 30000);

As usual, we are passing an Authenticator object to the SshClient to perform authentication. We have created an empty implementation of KeyboardInteractiveCallback. The init method is called before authentication starts; it’s there for you to use for any initialization that you need to perform; in most cases, you can leave this empty. If you want, you can store the SshConnection to maintain any state with its property methods. Alternatively, you could extend AbstractKeyboardInteractiveCallback, which implements init with a method that stores the SshConnection to a protected “connection” variable. 

When authentication starts, you should expect to receive one or more calls to the showPrompts method. You are required here to show the prompts provided to the user and receive a response. Below, we show you how to do this using the console by simply prompting the user through System.out and receiving input through System.in.

try {
    System.out.println(instruction); 
    for(KeyboardInteractivePrompt prompt : prompts) { 		    
        System.out.print(prompt.getPrompt()); 
        if(prompt.echo()) {
            prompt.setResponse(System.console().readLine()); 
        } else {		    		    	 
            prompt.setResponse(new String(System.console().readPassword()));
        }
    } 
    completor.complete(); 
} catch (Exception e) { 
    completor.cancel(); 
}

In this code, we printed out the instruction field provided by the server, then iterated over the prompts, showing a prompt and receiving the response; the response from the user must be set on the KeyboardInteractivePrompt object using the setResponse method.

When you have completed all these, it is important to call the complete method on the KeyboardInteractivePromptCompletor object. This will submit the responses to the server; without this, your authentication will hang. If, for any reason, the user wants to cancel the authentication, call the cancel method on the KeyboardInteractivePromptCompletor object.