Thanks Cornelius,

I did try the pam solution, RSA has a client on their website and claims =
to be usable with 4.1p1 so I downloaded that and compiled everything =
together. It all seems to work up until the user enters the passcode, =
even with known good tokens it fails. The Ace server is giving errors =
saying invalid passcode.

Has anyone on the list used the RSA client with securID rather than =
radius and had any luck?=20

Doug Leece

-----Original Message-----
From: Cornelius Koelbel []
Sent: Thursday, March 02, 2006 3:53 PM
Subject: Re: SecurID and SSH

Hi there,
I have tested two different ways:
The one is to take an OTP-Token - in my case the Aladdin eTokenNG - and
just change the pam config using the pam_radius module.
This works without fiddling around with the code.
But the even nicer way is, to use smartcards to authenticate against the
ssh-server. There is a pkcs11-patch for openssh that enables you to use
the private key from your smartcard.
Cornelius schrieb:
> Hello,
> I have had a request to implement 2 factor authentication for some =

servers running SSH. We already have an extensive RSA SecurID =
infrastructure so that seems the obvious choice. I have tracked down a =
patch to the code that supports SecurID, = and I was wondering if there is a =
better way or if anyone has had success implementing SecurID =
authentication for OpenSSH.
> Thanks in advance,
> Doug Leece
> =20
> --
> Diese Nachricht wurde auf Viren und andere gef=E4hrliche Inhalte =

> und ist - aktuelle Virenscanner vorausgesetzt - sauber.
> MailScanner dankt transtec Computer f=FCr die freundliche =