Thanks Cornelius,
I did try the pam solution, RSA has a client on their website and claims to be
usable with 4.1p1 so I downloaded that and compiled everything together. It all
seems to work up until the user enters the passcode, even with known good
tokens it fails. The Ace server is giving errors saying invalid passcode.
Has anyone on the list used the RSA client with securID rather than radius and
had any luck?
Thanks
Doug Leece
-----Original Message-----
From: Cornelius Koelbel [mailto:cornelius.koelbel@gmx.de]
Sent: Thursday, March 02, 2006 3:53 PM
To: secureshell@securityfocus.com
Subject: Re: SecurID and SSH
Hi there,
I have tested two different ways:
The one is to take an OTP-Token - in my case the Aladdin eTokenNG - and
just change the pam config using the pam_radius module.
This works without fiddling around with the code.
But the even nicer way is, to use smartcards to authenticate against the
ssh-server. There is a pkcs11-patch for openssh that enables you to use
the private key from your smartcard.
regards
Cornelius
Doug.Leece@bell.ca schrieb:
Hello,
I have had a request to implement 2 factor authentication for some servers
running SSH. We already have an extensive RSA SecurID infrastructure so that
seems the obvious choice. I have tracked down a patch to the code that
supports SecurID, http://www.omniti.com/~jesus/projects and I was wondering
if there is a better way or if anyone has had success implementing SecurID
authentication for OpenSSH.
Thanks in advance,
Doug Leece
--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.
MailScanner dankt transtec Computer für die freundliche Unterstützung.
