Thanks Cornelius, I did try the pam solution, RSA has a client on their website and claims to be usable with 4.1p1 so I downloaded that and compiled everything together. It all seems to work up until the user enters the passcode, even with known good tokens it fails. The Ace server is giving errors saying invalid passcode.
Has anyone on the list used the RSA client with securID rather than radius and had any luck? Thanks Doug Leece -----Original Message----- From: Cornelius Koelbel [mailto:[EMAIL PROTECTED] Sent: Thursday, March 02, 2006 3:53 PM To: [email protected] Subject: Re: SecurID and SSH Hi there, I have tested two different ways: The one is to take an OTP-Token - in my case the Aladdin eTokenNG - and just change the pam config using the pam_radius module. This works without fiddling around with the code. But the even nicer way is, to use smartcards to authenticate against the ssh-server. There is a pkcs11-patch for openssh that enables you to use the private key from your smartcard. regards Cornelius [EMAIL PROTECTED] schrieb: > Hello, > > I have had a request to implement 2 factor authentication for some servers > running SSH. We already have an extensive RSA SecurID infrastructure so that > seems the obvious choice. I have tracked down a patch to the code that > supports SecurID, http://www.omniti.com/~jesus/projects and I was wondering > if there is a better way or if anyone has had success implementing SecurID > authentication for OpenSSH. > Thanks in advance, > Doug Leece > > > > > -- > Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht > und ist - aktuelle Virenscanner vorausgesetzt - sauber. > MailScanner dankt transtec Computer für die freundliche Unterstützung. > >
