Session auto-login with Yubikey 2 factor
Hi all,
We are currently rolling out two factor authentication for all servers using Yubikey's. This means that when we login, the username has to be the Yubikey hash, and the password is just my usual password.
How would we go about making it so that I just have to press the button on the Yubikey, and have remote desktop manager auto-log me in.
I currently use the User Specific Settings overrides to save my login, domain, and password, for some of these servers. I just need a way to get RDM to prompt me for my Yubikey username.
Thanks!
All Comments (8)
Hello,
Currently, the only option would be to use a typing macro, in the events - after connect tab.
Is the login window the typical one?
Maurice
Hi Maurice,
The login window is the typical one, however the username is the OTP. I went to use the typing macro, however I couldn't figure out how to get it to prompt me for the value. As I would need to give this every single session.
The other possibility would be to have RDM prompt me for the username and password before starting the session, with the default username and password filled in, and then using those values to auto-login quickly.
My main issue is I am using some large complex passwords that I'd rather not have to type every single time.
Hello,
The only solution with the current feature set is to use a keyboard macro.
If the focus is in the username control when the login form pops up, the macro would be like this
{TAB}$PASSWORD$+{TAB}
The first {TAB} moves the focus to the password control, the $PASSWORD$ variable fills the password in the control, then +{TAB} is in fact SHIFT-TAB which steps back to the username control. You will then enter your OTP and hopefully pressing enter will perform the submit.
In order to have the password available as a variable, you must go in the advanced settings of the session and check "allow password use in variable"
Maurice
Hi Maurice,
That worked okay. Though I am running the latest version and I noticed that "{TAB}$PASSWORD$+{TAB}" resulted in the first part of my password being put in the username, and the second part in the password. So I change this to "OTP{DELAY}{TAB}$PASSWORD$+{TAB}" and it seems to work fine, though I did have some issues.
It would be good if RDM could put a feature in to prompt for the user, pass, and domain, for any type of connection, and auto-fill in defaults for them. This would make it easy for the use of OTP keys.
This macro doesn't seem to be reliable.
Thanks,
Uriah
I have submitted a feature request for a {PROMPT} variable
I cannot say if it will be accepted.
Macros are a great way to circumvent all of these complex issues we run into for the technologies we interface with, but they should be seen as something that simulates user interaction and they do need fine tuning to adapt to each use case.
Best regards,
Maurice
Hi Maurice,
That's fair enough. There's already an option somewhere to "Prompt for login" details, it would be good if there was an option to allow it to prompt even if the override details were set, so that it could autofill with the user override and still prompt.
This would immediately allow this to work great for OTP.
Anyhow, thanks for the feature request!
Uriah
We are on the verge of using ubikey the same way as described bij by uriah. But we want to use credentials from the Credential Repository or from My Personal Credentials. When i use the macro described, it does not work. Or it works outside the credential popup, or it works after the credential popup (depending on the delay configured). Is the {PROMPT} variable already accepted? If not, can i use a script to configure a variable which i then can add tot the username? Environment variables would work if they where not "process session" based :(
Hello,
Sadly no, it hasnt been implemented yet.
The "environment" is indeed tied to the current workspace, so no luck on that end.
Maurice