Our company manages hundreds of Linux servers which would be nice to keep organized in a tool like mRemoteNG.
The problem is, all our servers are inside a private network that can only be connected through a gateway server. We use SSH tunneling for this.
There are a few tools out there that offer saving a tunnel profile before connecting to a server, but our gateway server has a two-factor authentication check (SSH keyboard-interactive authentication) which most tools seem to get blocked by.
Is there a way to set up PuTTY or any other tool to recognize the 2-FA on the tunnel so I can confirm the verification code before moving on?
I know this is possible because WinSCP does it on its SSH File Transfer Protocol (SFTP) connections:
Best Answer
I can see three options (with PuTTY).
Two profiles
A (probably obvious) simple solution (while not so user friendly) is to create two profiles in PuTTY.
Use WinSCP
As you are already using WinSCP, you can use it as a connection manager for PuTTY.
Once you are connected to the target server with WinSCP (which forwards the port behind the scenes), just use "Open in PuTTY" command to open PuTTY connection to the target server via the tunnel opened by WinSCP.
(for tunneled connections, you unfortunately cannot use "Open in PuTTY" straight off the Login dialog)
Local proxy command with GUI authentication
In PuTTY, you can create a profile with tunneling using "local proxy command". In that command, you can use
plink
tool (from PuTTY package) to create a tunnel using-nc
switch.Normally the proxy command cannot have any UI (as it's a hidden console application), so public key authentication (that has no prompts) is needed. But as it's quite often, that you need some GUI for the authentication, there are clones of Plink that do the authentication with GUI. Those are commonly used with versioning software (like Git, SVN, CVS), which internally use those Plink clones as an SSH transport.
For example, you can take
TortoisePlink.exe
from TortoiseSVN project, to can create a proxy command like:(note the double backslashes in the path)
The above will grant you an experience like this: