PuTTY wish authentication-plugin

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

summary: Plugin system to help automate keyboard-interactive authentication
class: wish: This is a request for an enhancement.
fixed-in: 15f097f3997c3d0f4720423af9b478a66e844e1d (0.78)

The keyboard-interactive protocol can be used for a lot of different authentication systems, from simple password authentication to OTP or two-factor systems.

As the name suggests, the protocol was originally intended to be used interactively, in the sense that the human user responds to the questions asked by the server.

However, if a two-factor system can be automated, it's annoying to make the user manually re-type or paste the right response from some other source like a web browser. It would be easier if the response could be filled in automatically.

So we've implemented a system where PuTTY can invoke a separate program as a subprocess, and allow it to help with keyboard-interactive authentication by filling in the responses automatically.

The plugin is run in a pair of pipes by PuTTY, and is expected to speak a protocol over those pipes that we designed specially for the purpose. The protocol is described in an appendix of the PuTTY manual. There's an example Python implementation of a plugin in the PuTTY source tree, at contrib/authplugin-example.py.

Examples of authentication systems which could use this:

If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2022-10-23 13:44:39 +0100)