Keep SFTP Connection Active to Avoid Dual-Factor Reauthentication

4

2

I am using WinSCP to connect via SFTP to a Linux server with dual-factor authentication in place. When I connect, I have to confirm the connection on my cell phone. Each file transfer also counts as an individual "connection" and so for each file I have to check my phone and approve the action.

Is there any way to keep the connection "active" so that I am not reconnecting each time I want to do a transfer? This question seems to be similar but is unanswered, and specifically mentions Google dual-factor. (For reference, my server uses Duo Security if that makes a difference.)

Michael Brandon Morris

Posted 2016-08-23T15:16:45.663

Reputation: 209

Answers

4

You can try using an agent that remembers your credentials, such as Pageant, which is usually installed alongside WinSCP. Depending on the specific 2FA implementation and what the 2FA is actually protecting, that may or may not fix the issue.

If that doesn't work--which, it probably won't--you're stuck limiting WinSCP to a single connection. Unfortunately, that's going to limit the functionality of WinSCP somewhat: background transfers will no longer work. This has a few effects:

  • You won't be able to browse the filesystem while any upload/download operation is in progress.
  • SSH operations, such as the shortcuts to create tarballs, will still require a separate connection, meaning you have to authenticate again.
  • You'll only be able to transfer one file at a time.
  • You'll only be able to queue one object at a time (file or directory)--that is to say, there is no longer a queue. Everything takes place in the foreground, and you have to wait for it to finish before proceeding.

To toggle this state, you need to completely disable background transfers. This isn't quite as straightforward as it could be; there are two places you'll need to adjust settings:

  1. The preferences dialog (Transfer -> Background)
  2. The file transfer dialog at transfer time

Additional useful info on the WinSCP website: Transfer Queue

On the Transfer -> Background preferences page, change the maximum number of simultaneous connections to 1, disable queue processing by default, and make sure any settings related to background transfers are disabled.

At transfer time, you'll see the transfer dialog:

WinSCP transfer dialog

Make sure Transfer on background is unchecked.

Zenexer

Posted 2016-08-23T15:16:45.663

Reputation: 1 022

Side note: You're better off using smart cards with PGP than 2FA for top-notch SSH security. You can even get "universal" security devices like YubiKey that support more than just smart card functionality, and are generally smaller. Just make sure you generate the private key on the card itself and use multiple cards. If you have the same private key on multiple cards, though, you did something very wrong. – Zenexer – 2016-08-31T04:51:11.557

3

Try adjusting the "Keepalives" setting in WinSCP. In the Keepalives box, you may order WinSCP to send some dummy data at regular intervals to avoid being disconnected. This period is defined with Seconds between keepalives. Find the full details with screenshots here: http://winscp.net/eng/docs/ui_login_connection

MikeBoss

Posted 2016-08-23T15:16:45.663

Reputation: 76

I don't think this is the issue. The problem is that WinSCP opens fresh connections for file transfers, then closes them when the transfers are complete. These connections exist in parallel to the main connection, regardless of its status. – Zenexer – 2016-09-05T22:10:36.497
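A server-side check for the behaviour discussed in this thread, added here as an example and not part of any of the original posts: it counts successful sshd logins per user and source address, so several logins within a few minutes show the client opening a separate connection (and triggering a separate second-factor prompt) per transfer. The log lines, user name, host name and addresses are constructed, and the line format assumes OpenSSH's default syslog output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sshd auth-log lines (not taken from the original page).
SAMPLE_LOG = """\
Aug 23 15:16:45 files sshd[4101]: Accepted keyboard-interactive/pam for alice from 198.51.100.7 port 50112 ssh2
Aug 23 15:17:02 files sshd[4130]: Accepted keyboard-interactive/pam for alice from 198.51.100.7 port 50120 ssh2
Aug 23 15:17:40 files sshd[4155]: Accepted keyboard-interactive/pam for alice from 198.51.100.7 port 50131 ssh2
Aug 23 15:18:03 files sshd[4170]: Failed password for invalid user test from 203.0.113.9 port 40022 ssh2
Aug 23 16:40:10 files sshd[4420]: Accepted keyboard-interactive/pam for alice from 198.51.100.7 port 50302 ssh2
"""

# One "Accepted ..." line is written per authenticated SSH connection.
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_accepted(log_text, year=2016):
    """Yield (timestamp, user, source_ip, sshd_pid) for each successful login.

    Syslog timestamps carry no year, so one is supplied (assumed) by the caller.
    """
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield when, m["user"], m["ip"], int(m["pid"])

def auth_bursts(log_text, window=timedelta(minutes=5)):
    """Return {(user, ip): [logins per burst, ...]}.

    Logins from the same user and address belong to one burst while each
    follows the previous one within `window`; a longer gap starts a new burst.
    """
    bursts = defaultdict(list)
    for when, user, ip, _pid in sorted(parse_accepted(log_text)):
        runs = bursts[(user, ip)]
        if runs and when - runs[-1][-1] <= window:
            runs[-1].append(when)
        else:
            runs.append([when])
    return {key: [len(run) for run in runs] for key, runs in bursts.items()}

if __name__ == "__main__":
    for (user, ip), counts in auth_bursts(SAMPLE_LOG).items():
        print(f"{user} from {ip}: logins per burst = {counts}")
```

A burst count above 1 during a single working session means more than one connection was authenticated; after background transfers are disabled, each session should show up as a burst of 1.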