KBI 311525 Issue Addressed: Failed To Connect SSH Server When Only Keyboard-Interactive Authentication Is Allowed

Version

Argent Advanced Technology 5.1A-1701-A and earlier versions

Date

Wednesday, 8 March 2017

Summary

Password and Keyboard-Interactive authentication behave similarly when prompting the logon user for a password. Keyboard-Interactive authentication is considered more secure. In some cases, Password authentication is turned off and only Keyboard-Interactive authentication is allowed. In that configuration, Argent AT 5.1A-1701-A and earlier versions fail to connect to the SSH server because authentication fails.

The issue has been addressed in Argent AT 5.1A-1701-B. A new logon option, ‘Keyboard Interactive’, has been added to the licensed node properties of Linux/UNIX servers.

Technical Background

The SSH protocol has numerous authentication methods. Password and Keyboard-Interactive are two of the most commonly used. When a user logs on with an SSH client program such as PuTTY, there is little visible difference between them: in both cases the user enters a password at a prompt. However, the two are very different in their underlying mechanism. Details can be found at https://en.wikipedia.org/wiki/OpenSSH
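To confirm that a server falls into the case this article describes, the following added example (not Argent code and not part of the original article) classifies a server from the method list the OpenSSH client prints in its "Permission denied (...)" line. The function names and the sample lines are constructed for illustration; `probe` assumes an OpenSSH client and a host key already present in known_hosts.

```shell
# Constructed sample lines in the format the OpenSSH client writes to stderr.
SAMPLE_KBDINT='admin@host.example: Permission denied (publickey,keyboard-interactive).'
SAMPLE_PASSWORD='admin@host.example: Permission denied (publickey,password,keyboard-interactive).'

# offered_methods: read ssh client output on stdin and print the comma-separated
# method list from the last "Permission denied (...)" line.
offered_methods() {
    sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | tail -n 1
}

# has_method LIST NAME: succeed only if NAME is an exact entry in LIST.
has_method() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify LIST: report how the server relates to the issue in this article.
classify() {
    if has_method "$1" password; then
        echo "password-offered"
    elif has_method "$1" keyboard-interactive; then
        # No 'password' method: a client that only speaks Password auth fails here.
        echo "kbdint-without-password"
    else
        echo "neither"
    fi
}

# probe USER@HOST: ask a server you administer which methods it offers.
# PreferredAuthentications=none makes the client try no credentials at all;
# BatchMode=yes suppresses prompts, so the host key must already be trusted.
probe() {
    ssh -o BatchMode=yes -o PreferredAuthentications=none \
        -o ConnectTimeout=5 "$1" true 2>&1 | offered_methods
}
```

For example, `classify "$(probe admin@host.example)"` prints `kbdint-without-password` for a server in the configuration that needs the upgrade or the workaround under Resolution.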

Resolution

Upgrade to Argent AT 5.1A-1701-B.

For users who cannot upgrade immediately, change the registry value SOFTWARE\Argent\COMMON\ SSH_LIBRARY to 1. With this setting, PLINK.exe is used instead of the built-in SSH library to communicate with the SSH server. PLINK.exe has no issue with Keyboard-Interactive authentication.