How to use SFTP (with client validation - keyboard-interactive authentication)

The topic How to use SFTP (with client validation - password authentication) discusses the simplest form of client authentication, via password.

Keyboard-interactive (KBI) authentication is the most recently introduced form of authentication for SSH. It involves the server sending prompts to the client, which the client must respond to correctly to be authenticated. Its purpose is to permit the client to support a variety of authentication mechanisms without knowing anything about them.

edtFTPj/PRO's implementation of KBI authentication relies on the programmer knowing the prompts in advance. The prompts are easily determined by connecting to the server via a command-line ssh client, using KBI.

In edtFTPj/PRO, when the server sends its list of prompts that require responses, the client searches the list of loaded SSHAuthPrompts for each prompt. It then sends the corresponding responses back to the server. If the expected responses are supplied, the authentication succeeds.

If the prompt is for a user's password, it will typically be something like "Password:". The SSHPasswordPrompt class is supplied to make it easier to set up a password prompt.

Often, the password prompt is the only prompt required. Of course, there are other prompts that could be requested, such as an RSA SecurID token. Some servers have a number of submethods that can be configured for KBI.

An example of using SSHPasswordPrompt is shown below:

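// One prompt entry is enough when the server only asks for the password
SSHAuthPrompt[] prompts = new SSHAuthPrompt[1];
// SSHPasswordPrompt supplies the response to the server's password prompt
prompts[0] = new SSHPasswordPrompt(password);
// Load the user name and the prompt responses before connecting
ftp.setAuthentication(username, prompts);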

Sometimes servers will allow for failure of one type of KBI prompt (e.g. SecurID), responding to another attempt with a different prompt (such as for password). edtFTPj/PRO makes a second KBI authentication attempt automatically if the first attempt fails.
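The prompt lookup described above can be pictured as a table from expected prompt text to response. The following is an added example, not edtFTPj/PRO code: the class KbiPromptMatcher, its methods and the trimmed, case-insensitive comparison are all assumptions made for illustration, and the prompts and responses are constructed sample values. It models the lookup and refuses to answer when the server sends a prompt that was not loaded in advance, so a stored secret is never sent in reply to unexpected text.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Hypothetical model of KBI prompt matching; not part of edtFTPj/PRO.
public class KbiPromptMatcher {
    // Expected prompt text (normalised) -> response to send.
    private final Map<String, String> responses = new LinkedHashMap<>();

    // Assumption: "Password: " and "password:" count as the same prompt.
    private static String key(String prompt) {
        return prompt.trim().toLowerCase(Locale.ROOT);
    }

    // Register a prompt learned in advance, e.g. from a command-line ssh session.
    public void expect(String prompt, String response) {
        responses.put(key(prompt), response);
    }

    // Returns one response per server prompt, in the server's order.
    // Fails closed: if any prompt is unknown, nothing at all is returned.
    public List<String> answer(List<String> serverPrompts) {
        List<String> out = new ArrayList<>();
        for (String p : serverPrompts) {
            String r = responses.get(key(p));
            if (r == null) {
                throw new IllegalStateException("Unexpected KBI prompt: \"" + p + "\"");
            }
            out.add(r);
        }
        return out;
    }

    public static void main(String[] args) {
        KbiPromptMatcher m = new KbiPromptMatcher();
        m.expect("Password:", "example-password");   // constructed sample values
        m.expect("Enter PASSCODE:", "000000");

        // First attempt asks for a token, the retry asks for the password.
        System.out.println("answered " + m.answer(List.of("Enter PASSCODE:")).size() + " prompt(s)");
        System.out.println("answered " + m.answer(List.of("Password: ")).size() + " prompt(s)");
        try {
            m.answer(List.of("Password:", "Verification code:"));
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```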

The other authentication method, public key authentication, is discussed in How to use SFTP (with client validation - public key authentication).