Configure SecurID Authentication

RSA SecurID® is an authentication solution from RSA Security, Inc. It is based on hardware or software tokens. Users authenticate by entering a personal identification number (PIN) and a code generated by the token. The token code changes every 60 seconds.

Reflection for Secure IT supports the RSA Authentication Agent for PAM, which allows RSA SecurID tokens to be used when connecting to the server. The RSA Authentication Agent for PAM must be running on the same host as the Secure Shell server. We recommend that you familiarize yourself with the RSA ACE/Server documentation before using SecurID.

To configure support for RSA SecurID tokens on the client

  1. Open the client configuration file (/etc/ssh2/ssh2_config) in a text editor.
  2. Enable keyboard-interactive authentication:

    AllowedAuthentications=keyboard-interactive

To configure support for RSA SecurID tokens on the server

  1. Open the server configuration file (/etc/ssh2/sshd2_config) in a text editor.
  2. Enable keyboard-interactive authentication and configure the server to use PAM for authentication and password management:

    AllowedAuthentications=keyboard-interactive

    AuthKbdInt.Required=pam

To start the server

You need to set the environment variable VAR_ACE before you start the Secure Shell server. This variable must point to the directory of the RSA Agent for PAM installation that contains the sdconf.rec file.

  • To set the environment variable and start the server:

    $ VAR_ACE=/opt/ace/data /usr/sbin/sshd2

    Note: To make the environment variable change persist through a restart, you can modify the server startup script, or modify the root user's default profile.
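A preflight check for the client, server and startup steps above, written as an added example; it is not part of the Reflection for Secure IT product or its documentation. It assumes settings appear one per line in the Keyword=value form shown on this page and that `#` begins a comment; the function names `setting_is`, `check_securid` and `make_sample` are invented here.

```shell
#!/bin/sh
# Added example (not vendor code): preflight check for the SecurID settings on this page.
# Assumption: settings appear one per line as Keyword=value and '#' starts a comment.

# setting_is FILE KEY VALUE
# Succeeds only if KEY is set at least once in FILE and every uncommented
# occurrence equals VALUE, so the result does not depend on which line wins.
setting_is() {
    [ -r "$1" ] || return 1
    awk -v key="$2" -v want="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                    # not a Keyword=value line
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)       # trim keyword
            gsub(/^[ \t]+|[ \t]+$/, "", v)       # trim value
            if (k == key) { seen = 1; if (v != want) bad = 1 }
        }
        END { exit !(seen && !bad) }
    ' "$1"
}

# check_securid CLIENT_CFG SERVER_CFG VAR_ACE_DIR
# Prints one line per problem; returns 0 only when all four checks pass.
check_securid() {
    rc=0
    setting_is "$1" AllowedAuthentications keyboard-interactive ||
        { echo "client: AllowedAuthentications must be keyboard-interactive ($1)"; rc=1; }
    setting_is "$2" AllowedAuthentications keyboard-interactive ||
        { echo "server: AllowedAuthentications must be keyboard-interactive ($2)"; rc=1; }
    setting_is "$2" AuthKbdInt.Required pam ||
        { echo "server: AuthKbdInt.Required must be pam ($2)"; rc=1; }
    [ -r "$3/sdconf.rec" ] ||
        { echo "VAR_ACE: no readable sdconf.rec in '$3'"; rc=1; }
    return "$rc"
}

# make_sample DIR: constructed sample files mirroring the page's settings (not real data).
make_sample() {
    mkdir -p "$1/ace"
    printf '%s\n' '# client' 'AllowedAuthentications=keyboard-interactive' > "$1/ssh2_config"
    printf '%s\n' '# server' 'AllowedAuthentications=keyboard-interactive' \
        'AuthKbdInt.Required=pam' > "$1/sshd2_config"
    : > "$1/ace/sdconf.rec"
}

# With three arguments, check real paths; with none, only define the functions.
if [ "$#" -eq 3 ]; then check_securid "$@"; fi
```

Saved under a name of your choice, the script takes the client configuration file, the server configuration file and the VAR_ACE directory as its three arguments. Any server setting that differs from the values on this page, such as an additional authentication method, is reported before the server is started.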

Related Topics

Configure PAM Authentication

Pluggable Authentication Modules (PAM)