Two Factor Authentication?

[fanta]

I was curious as to how/if two factor authentication can be implemented into Filezilla
as shown here: https://github.com/authy/authy-ssh#scp- ... entication
Thanks

[botg]

If you select Interactive as logon type in the Site Manager, you can login on SFTP servers using two or more password prompts.

[yeipi]

I have done the above indicated. However, in every file transfer I need to put both password and code. This is painful. I love Filezila, but using it this way is horrible. Any fix to only put the password and the code once per session (as opposite of per connecction or per transfer)?

Thanks!

JP.

[botg]

No.

[StormTheGates]

I have done the above indicated. However, in every file transfer I need to put both password and code. This is painful. I love Filezila, but using it this way is horrible. Any fix to only put the password and the code once per session (as opposite of per connecction or per transfer)?

No.

I really hate to resurrect a long dead thread but I really want to hit on this point again.

Two factor has become an almost essential part of corporate life. The federal government is mandating it for all new IT contracts on government servers. The STIG guidelines require it. And yet FileZilla is COMPLETELY unusable with it. Entering the code and password every single file transfer is absolutely insane to expect of regular users, and drops the product usability to absolute 0 when working with any type of actually secured system.

As the IT Director of a medium sized business, I have had to migrate all of our users off FileZilla due to this reason.

[jbensonism]

I agree, I'm moving our whole team off of Filezilla as we implement 2 factor auth. This is ridiculous.
I think that this is really the dumbest implementation of 2 factor auth I have seen.

Bye Bye Filezilla.

[botg]

Try using public key authentication with the key loaded in pageant.

[StormTheGates]

Try using public key authentication with the key loaded in pageant.

Its not really a question of alternative measures. I would love to use public key authentication. However, the US Federal government is requiring token based two-factor authentication on all security systems graded "Medium" or higher. I, and many others, do not get a choice in this matter if we wish to continue working.

FileZillas implementation of two-factor makes it nonviable with these government secured setups. So far I have found two other SFTP clients that have a "one time entry" method when it comes to logging in and uploading files that function adequately. While almost all of the users within my organization prefer and wish to stick with FileZilla, its just not possible.

[botg]

That's what I'm saying, one factor is the key pair, the other factor is the code the user has to enter.

[StormTheGates]

That's what I'm saying, one factor is the key pair, the other factor is the code the user has to enter.

Will this solve the problem with the user being prompted for a code/password every single file upload? If so it may be a viable solution I can explore.

Thank you for taking the time to respond to me, I appreciate it.

[botg]

Due to it being two-factor authentication, a new and different code obviously needs to be re-entered on each new connection.

[StormTheGates]

Due to it being two-factor authentication, a new and different code obviously needs to be re-entered on each new connection.

This comment confused me. Is each "new connection" the first time they log in (for that session), or every time they upload a file? Because right now the problem isnt the logging in, that works fine with FileZilla code/password, its that after login each file upload requests the code/password again for every upload.

Yes a new code per login, but if it still gonna ask for a new code per file upload thats a problem. Also it doesnt seem like Interactive login type allows a public key to be saved to the connection profile?

[botg]

Is each "new connection" the first time they log in (for that session), or every time they upload a file? Because right now the problem isnt the logging in, that works fine with FileZilla code/password, its that after login each file upload requests the code/password again for every upload.

By default transfers use independent connections which are closed automatically after some idle time. You can limit the number of connections to each site to one in the Site Manager, note that then you'll lose the ability to browse the server during transfers.

Also it doesnt seem like Interactive login type allows a public key to be saved to the connection profile?

Not per-site, but you could use the global one from the settings dialog.

[StormTheGates]

By default transfers use independent connections which are closed automatically after some idle time. You can limit the number of connections to each site to one in the Site Manager, note that then you'll lose the ability to browse the server during transfers.

Ah ha! This worked great!

For people that come after me, if you need this to work you can set in the File > Site Manager > Transfer Settings set "Limit number of simultaneous connections" to 1

This will prevent the additional code/password popups from coming up every single file upload.

Thank you for your help!

[gajendra04]

Hi,

I have done configuration in my linux server. Now I am able to auth 2FA in Putty session successfully. But it is not working in FileZilla. Please help me to troubleshoot this issue.

I am getting below error

Command: open "root@192.168.xx.xx" 22
Error: Server unexpectedly closed network connection
Error: Could not connect to server

also I am confused about this section of configuration in link. Please let me know how we can do this.
scp, sftp, mosh and git push with two-factor authentication.

Help will be appreciated .

Regards
Gajendra