SSH (and by association conch) sends feedback to users but unless you ssh -v you won't see much of it. Sending text feedback without using the standard auth methods might require you to move your two factor auth into your protocol but this doesn't feel like a good idea to me. I'm relatively new to conch and my use case is quite different to yours so if I'm wrong and there is a way to do this I hope someone else jumps in to correct me.
I did a quick test with http://twistedmatrix.com/documents/current/api/twisted.conch.checkers.SSHPro... my portal's checker and that lets me require both password (something you know) and key (something you have). My test doesn't handle "ticking" already used auth methods off the list of authentications that can continue, but I don't think it would be too hard to get that working. I see the following in my ssh client connection when connecting to my server. As I said, I don't tick off used methods, which is why you see "Authentications that can continue: password,publickey" instead of just password.
$ ssh -v -p 5022 user@localhost
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/tom/.ssh/config
....
debug1: Remote protocol version 2.0, remote software version Twisted
....
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/tom/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
....
debug1: Next authentication method: password
user@localhost's password:
debug1: Authentication succeeded (password).
Authenticated to localhost ([127.0.0.1]:5022).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
Hope that helps.
On Wed, Feb 5, 2014 at 12:03 AM, David Timothy Strauss <email@example.com> wrote:
Is there a straightforward way to send text feedback to users when their authentication fails? At Pantheon, we use a custom implementation of IRealm. I'm hoping there's a way to send or return the output from there.
We particularly need this because users will have various two-factor authentication modes configured, and a simple pass/fail for authentication will leave many scratching their heads.
I don't see any examples of such output on the relevant documentation page.
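The "ticking off" bookkeeping mentioned in the reply, as an added example that is not part of the original thread and is not Twisted Conch code: a standard-library model of a server that requires both publickey and password and advertises only the methods still outstanding. The class and function names are hypothetical; the message numbers and the SSH_MSG_USERAUTH_FAILURE layout (name-list followed by a partial-success boolean) follow RFC 4252 section 5.1.

```python
import struct

MSG_USERAUTH_FAILURE = 51  # RFC 4252, section 5.1
MSG_USERAUTH_SUCCESS = 52


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


class MultiFactorTracker:
    """Per-connection record of which required methods have succeeded.

    Hypothetical helper: it models the bookkeeping only and is not a
    Twisted Conch class.
    """

    def __init__(self, required=("publickey", "password")):
        self.required = tuple(required)
        self.done = set()

    def remaining(self):
        # Keep the configured order so the advertised list is stable.
        return [m for m in self.required if m not in self.done]

    def handle_result(self, method: str, ok: bool) -> bytes:
        """Return the server's reply payload for one authentication attempt."""
        # A method that is not required, or was already used, never counts,
        # so presenting the same key twice cannot replace the password.
        counted = bool(ok) and method in self.remaining()
        if counted:
            self.done.add(method)
        if not self.remaining():
            return bytes([MSG_USERAUTH_SUCCESS])
        names = ",".join(self.remaining()).encode("ascii")
        # Trailing boolean is "partial success": set only when this attempt
        # succeeded but further methods are still required.
        return bytes([MSG_USERAUTH_FAILURE]) + ssh_string(names) + bytes([counted])


def describe(payload: bytes) -> str:
    """Summarise a reply in terms similar to what `ssh -v` reports."""
    if payload[0] == MSG_USERAUTH_SUCCESS:
        return "success"
    (length,) = struct.unpack(">I", payload[1:5])
    names = payload[5:5 + length].decode("ascii")
    return f"can continue: {names}; partial success: {bool(payload[5 + length])}"
```

With this bookkeeping, the reply after a successful publickey step lists only password, instead of the "password,publickey" seen in the transcript above.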