From 80b2fd659e2ea47a17c638bff2a632b257cdc345 Mon Sep 17 00:00:00 2001
From: Thomas Hendrickson <thomas.hendrickson@praetorian.com>
Date: Wed, 1 Feb 2023 18:24:45 -0500
Subject: [PATCH] ssh keyboard interactive auth check

---
 pkg/plugins/services/ssh/ssh.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/pkg/plugins/services/ssh/ssh.go b/pkg/plugins/services/ssh/ssh.go
index 5edb018..dfc7311 100644
--- a/pkg/plugins/services/ssh/ssh.go
+++ b/pkg/plugins/services/ssh/ssh.go
@@ -229,6 +229,16 @@ func (p *SSHPlugin) Run(conn net.Conn, timeout time.Duration, target plugins.Tar
 	conf := ssh.ClientConfig{}
 	conf.Auth = nil
 	conf.Auth = append(conf.Auth, ssh.Password("admin"))
+	conf.Auth = append(conf.Auth,
+		ssh.KeyboardInteractive(func(user, instruction string, questions []string, echos []bool) ([]string, error) {
+			answers := make([]string, len(questions))
+			for i := range answers {
+				answers[i] = "password"
+			}
+			return answers, nil
+		}),
+	)
+
 	conf.User = "admin"
 	conf.HostKeyCallback = ssh.InsecureIgnoreHostKey()
 	// use all the ciphers supported by the go crypto ssh library
@@ -254,7 +264,7 @@ func (p *SSHPlugin) Run(conn net.Conn, timeout time.Duration, target plugins.Tar
 
 	authClient, err := ssh.Dial("tcp", target.Address.String(), &conf)
 
-	passwordAuth = strings.Contains(err.Error(), "password")
+	passwordAuth = strings.Contains(err.Error(), "password") || strings.Contains(err.Error(), "keyboard-interactive")
 	if authClient != nil {
 		authClient.Close()
 	}