KiTTY
ssh proxy does not support keyboard-interactive MFA entry
Hey there,
For compliance reasons, our ssh jumphost/goldenhost/bastion enforces keyboard-interactive login with password and MFA... regardless of the presence of key authentication, i.e. the sshd setting prevents the presence of a key from bypassing MFA.
This flow has been in place for years and works well.
Today I was wondering if I could make putty/kitty use the ProxyCommand approach to ssh directly to hosts behind the jumper. This is something easy to do with ssh under linux|osx|cygwin|WSL.
When testing this with plink directly, it works as expected:

When attempting to use the putty equivalent of ssh ProxyCommand ssh -W %h:%p (read related stackoverflow answer here), it does not work and I cannot interact with the proxy (jumper) to authenticate.

Here is the proxy command for reference as entered in the kitty Connection -> Proxy -> settings:
PLINK.EXE -ssh -A %user@%proxyhost -P %proxyport -nc %host:%port

I've tried playing around with various plink options but without success.
This isn't an urgent issue, but at least I've captured it for feedback/resolution.
Thanks for the great kitty app ;)
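
An added example, not part of the original post: one way to confirm on the bastion that a key alone cannot complete a login, by reading the effective settings printed by `sshd -T`. It assumes an OpenSSH server and that the sshd setting referred to above is `AuthenticationMethods`; the function name and the sample dumps are constructed for illustration.

```python
# Added example (not from the original post). Assumes an OpenSSH bastion whose
# effective settings were dumped with `sshd -T`; the sample dumps are constructed.
# It cannot see the PAM stack, so it only checks that keyboard-interactive
# (where password + MFA are prompted) is part of every accepted login path.

# Methods that are sufficient on their own when AuthenticationMethods is "any",
# with the option that enables each one and OpenSSH's default for it.
SINGLE_METHODS = {
    "publickey": ("pubkeyauthentication", "yes"),
    "password": ("passwordauthentication", "yes"),
    "hostbased": ("hostbasedauthentication", "no"),
    "gssapi-with-mic": ("gssapiauthentication", "no"),
}

def mfa_bypass_paths(sshd_t_output):
    """Return the login paths that complete without keyboard-interactive."""
    cfg = {}
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg[key.lower()] = value.strip()
    methods = cfg.get("authenticationmethods", "any")
    if methods == "any":
        # No required list: any single enabled method logs the user in.
        return [name for name, (opt, default) in SINGLE_METHODS.items()
                if cfg.get(opt, default) == "yes"]
    bypass = []
    # Space-separated alternatives; each is a comma-separated list of methods
    # that must all succeed. "keyboard-interactive:pam" names a submethod.
    for alternative in methods.split():
        required = {m.split(":", 1)[0] for m in alternative.split(",")}
        if "keyboard-interactive" not in required:
            bypass.append(alternative)
    return bypass

ENFORCED = """authenticationmethods publickey,keyboard-interactive:pam keyboard-interactive
pubkeyauthentication yes
passwordauthentication no
"""
KEY_BYPASS = """authenticationmethods publickey keyboard-interactive
pubkeyauthentication yes
passwordauthentication no
"""
DEFAULTS = """authenticationmethods any
pubkeyauthentication yes
passwordauthentication no
"""

if __name__ == "__main__":
    for name, dump in [("enforced", ENFORCED), ("key bypass", KEY_BYPASS), ("defaults", DEFAULTS)]:
        print(name, "->", mfa_bypass_paths(dump) or "no bypass path")
```

An empty result means every accepted path includes keyboard-interactive, so a proxy command that cannot show the prompt cannot authenticate with a key alone.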