Thanks Cornelius,

I did try the pam solution, RSA has a client on their website and claims =
to be usable with 4.1p1 so I downloaded that and compiled everything =
together. It all seems to work up until the user enters the passcode, =
even with known good tokens it fails. The Ace server is giving errors =
saying invalid passcode.

Has anyone on the list used the RSA client with securID rather than =
radius and had any luck?=20

Thanks
Doug Leece


-----Original Message-----
From: Cornelius Koelbel [mailto:cornelius.koelbel@gmx.de]
Sent: Thursday, March 02, 2006 3:53 PM
To: secureshell@securityfocus.com
Subject: Re: SecurID and SSH


Hi there,
I have tested two different ways:
The one is to take an OTP-Token - in my case the Aladdin eTokenNG - and
just change the pam config using the pam_radius module.
This works without fiddling around with the code.
But the even nicer way is, to use smartcards to authenticate against the
ssh-server. There is a pkcs11-patch for openssh that enables you to use
the private key from your smartcard.
regards
Cornelius
Doug.Leece@bell.ca schrieb:
> Hello,
>=20
> I have had a request to implement 2 factor authentication for some =

servers running SSH. We already have an extensive RSA SecurID =
infrastructure so that seems the obvious choice. I have tracked down a =
patch to the code that supports SecurID, =
http://www.omniti.com/~jesus/projects and I was wondering if there is a =
better way or if anyone has had success implementing SecurID =
authentication for OpenSSH.
> Thanks in advance,
> Doug Leece
>=20
> =20
>=20
>=20
> --
> Diese Nachricht wurde auf Viren und andere gef=E4hrliche Inhalte =

untersucht
> und ist - aktuelle Virenscanner vorausgesetzt - sauber.
> MailScanner dankt transtec Computer f=FCr die freundliche =

Unterst=FCtzung.
>=20
>=20