VanDyke Software



How to Configure SecureCRT to Handle "Accept and Acknowledge" Logons to PaloAlto and Similar Firewalls

Is this you?

  • My PaloAlto firewall has the "Accept and Acknowledge" statement enabled...
  • My firewall requires admin to acknowledge a warning...

You can configure SecureCRT to handle "accept and acknowledge" interactions using the keyboard-interactive authentication method.

When a device requires that a user connecting via SSH "accept and acknowledge" something with a "y/n" or "yes/no" reply, such interaction typically requires the keyboard-interactive authentication method.

Here's how you configure SecureCRT to utilize the keyboard-interactive authentication method even if a remote host still offers support for other authentication methods (like password, public key, etc.):

  1. Make sure you're disconnected.
  2. Open Session Options (Options / Session Options).
  3. Navigate to the SSH2 category.
  4. Make sure the Keyboard-Interactive authentication method is enabled.
  5. Move the Keyboard-Interactive method to the top of the list.
  6. Press the OK button to save your changes.
Configuring SecureCRT to use Keyboard-Interactive authentication

If you need to make this change of auth-order preference to more than one session:

  • Consider using the Default session (see the tip, Changing Default Settings for New and Existing Sessions) to make the change and apply that change to all of your existing sessions when prompted;
  • If you only want to make changes to a list of sessions contained within a folder in SecureCRT's Session Manager, right-click that folder and choose Properties. You will then be able to edit the properties of all saved sessions in that specific folder at once (the options for the first session in that sub-folder will be displayed);
  • If you only want to make the changes to two or three sessions, use Ctrl+click to select those sessions in SecureCRT's Session Manager, right-click them, and then choose Properties.

Additional Tip

If you want to automate the response, consider this approach:

  • In the Session Options Logon Actions category, enable the Display logon prompts in terminal window option.
  • Enable the Automate logon option.
  • Disable the Send initial carriage return option.
  • Delete the default "Login:" and "Password:" Expect/Send entries listed initially, and replace them with your own Expect text (what are the last few words/characters of the prompt you see from the remote system?) and Send text (what would you normally type in as a reply in order to move forward?).
Automating logon option to respond with your own 'Expect and 'Send' text

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.