Notification

Icon
Error

SSH - Keyboard Interactive Authentication

Posted: Wednesday, December 4, 2019 5:29:09 PM(UTC)
KevinA-REJIS

KevinA-REJIS

Member Original PosterPosts: 28
1
Like
We have several Dell PowerEdge servers with iDRAC connections. We've previously been able to scan them with SSH credentials, but now we're experiencing a problem.

We recently updated the drivers/firmware on the servers, including iDRAC. Following this, Lansweeper has been unable to scan iDRAC (seems limited to iDRAC8, version 2.70.70.70), saying it cannot connect to SSH with the supplied credentials. After doing some digging, I found in the release notes for that iDRAC version that keyboard interactive authentication has been enabled in its SSH server, requiring both password and keyboard to log in (confirmed when trying to connect with PuTTY).

Is there any way around this?



Link to release notes:

https://topics-cdn.dell....f/idracv2_70rn_en-us.pdf
Esben.D
#1Esben.D Member Administration Posts: 1,982  
posted: 12/6/2019 11:48:07 AM(UTC)
Is there no way to turn off this feature?

I'm not sure how there would be a way to work around it other than to try and turn off that functionality at the moment.

What I can do is forward this to the right people so we can take a look at it to see what we can do. So thanks for bringing this up!
RKCar
#2RKCar Member Posts: 82  
posted: 12/6/2019 4:03:02 PM(UTC)
Interesting. Do you happen to use a vulnerability scanner as well? Just curious to know if that is still able to scan successfully.

The fact that you posted this may have saved me a troubleshooting headache somewhere down the line when I inevitably would add our iDRAC credentials and find that it wasn't working.
KevinA-REJIS
#3KevinA-REJIS Member Original PosterPosts: 28  
posted: 12/6/2019 5:22:21 PM(UTC)
Originally Posted by: Esben.D Go to Quoted Post
Is there no way to turn off this feature?

I'm not sure how there would be a way to work around it other than to try and turn off that functionality at the moment.

What I can do is forward this to the right people so we can take a look at it to see what we can do. So thanks for bringing this up!


I looked through the documentation for that iDRAC firmware level but didn't see anything. I created a topic on Dell's support forums to see if it's possible.



Originally Posted by: RKCar Go to Quoted Post
Interesting. Do you happen to use a vulnerability scanner as well? Just curious to know if that is still able to scan successfully.

The fact that you posted this may have saved me a troubleshooting headache somewhere down the line when I inevitably would add our iDRAC credentials and find that it wasn't working.


We do have an AlienVault vulnerability scanner, but it's managed by our LAN/WAN team so I don't know if it's still able to scan.
Esben.D
#4Esben.D Member Administration Posts: 1,982  
posted: 12/11/2019 4:48:11 PM(UTC)
If you can't turn this off, it might be a good idea to contact the support team and let them know, just in case I miss it. That way we can start looking into it more.
KevinA-REJIS
#5KevinA-REJIS Member Original PosterPosts: 28  
posted: 12/11/2019 7:44:48 PM(UTC)
A Dell mod responded on the support forums, they are not aware of a method to turn it off.

https://www.dell.com/com...ation/m-p/7427565#M28321

I will send an email to Lansweeper support.
blackmoonwolf
#6blackmoonwolf Member Posts: 4  
posted: 5/7/2020 5:33:39 AM(UTC)
I, too, am now unable to get Lansweeper to auth into the iDRAC7 (2.65.65.65) or iDRAC8 (2.70.70.70). I have also commented on the Dell support thread linked by the OP.
blackmoonwolf
#7blackmoonwolf Member Posts: 4  
posted: 7/18/2020 1:29:56 PM(UTC)
Originally Posted by: KevinA-REJIS Go to Quoted Post
A Dell mod responded on the support forums, they are not aware of a method to turn it off.

https://www.dell.com/com...ation/m-p/7427565#M28321

I will send an email to Lansweeper support.


Given the last two responses that I've been given on that thread, they are outright ignoring the plea to give us the option to disable this extremely inconvenient feature.

I'm quite irate with Dell right now.
blackmoonwolf
#8blackmoonwolf Member Posts: 4  
posted: 7/27/2020 3:22:08 PM(UTC)
I have emailed support@lansweeper.com directly for a "feature request" to mitigate this issue.
blackmoonwolf
#9blackmoonwolf Member Posts: 4  
posted: 7/27/2020 3:24:31 PM(UTC)
Also of interest is one individual who coded a workaround for it. (He has also been commenting on the Dell thread.)

https://stackoverflow.co...bfb94f9e8f9881ebafe8284f

Obviously there doesn't seem to be a way to leverage this in the Lansweeper software/interface from our end. But perhaps it may shed some insight on a solution for the folks at Lansweeper who will provide a solution to this problem.

Active Discussions

Lansweeper Windows 10 Upgrade to 2004
by  Alex Beaumier   Go to last post Go to first unread
Last post: Today at 1:18:01 PM(UTC)
Lansweeper snmp trap HP 1910 switch
by  info   Go to last post Go to first unread
Last post: Today at 11:52:17 AM(UTC)
Lansweeper Lsagent cloud relay changes the scanserver value
by  ghelpdesk  
Go to last post Go to first unread
Last post: Today at 2:45:11 AM(UTC)
Lansweeper Is there a chance to get the firewall off via Lansweeper?
by  RedWood   Go to last post Go to first unread
Last post: Yesterday at 11:23:31 PM(UTC)
Lansweeper Not working Wake on Lan
by  RedWood  
Go to last post Go to first unread
Last post: Yesterday at 11:17:33 PM(UTC)
Lansweeper Wake on Lan Issues
by  RedWood   Go to last post Go to first unread
Last post: Yesterday at 11:06:12 PM(UTC)
Lansweeper New Web Interface
by  anpatterson03  
Go to last post Go to first unread
Last post: Yesterday at 10:05:19 PM(UTC)