This is a discussion on RE: SecurID and SSH - openssh ; Thanks Cornelius, I did try the pam solution, RSA has a client on their website and claims = to be usable with 4.1p1 so I downloaded that and compiled everything = together. It all seems to work up until the ...
I did try the pam solution, RSA has a client on their website and claims =
to be usable with 4.1p1 so I downloaded that and compiled everything =
together. It all seems to work up until the user enters the passcode, =
even with known good tokens it fails. The Ace server is giving errors =
saying invalid passcode.
Has anyone on the list used the RSA client with securID rather than =
radius and had any luck?=20
From: Cornelius Koelbel [mailto:firstname.lastname@example.org]
Sent: Thursday, March 02, 2006 3:53 PM
Subject: Re: SecurID and SSH
I have tested two different ways:
The one is to take an OTP-Token - in my case the Aladdin eTokenNG - and
just change the pam config using the pam_radius module.
This works without fiddling around with the code.
But the even nicer way is, to use smartcards to authenticate against the
ssh-server. There is a pkcs11-patch for openssh that enables you to use
the private key from your smartcard.
> I have had a request to implement 2 factor authentication for some =
servers running SSH. We already have an extensive RSA SecurID =
infrastructure so that seems the obvious choice. I have tracked down a =
patch to the code that supports SecurID, =
http://www.omniti.com/~jesus/projects and I was wondering if there is a =
better way or if anyone has had success implementing SecurID =
authentication for OpenSSH.
> Thanks in advance,
> Doug Leece
> Diese Nachricht wurde auf Viren und andere gef=E4hrliche Inhalte =
> und ist - aktuelle Virenscanner vorausgesetzt - sauber.
> MailScanner dankt transtec Computer f=FCr die freundliche =