SecurID
If SecurID is to be used, the Keyboard-Interactive
authentication method must be enabled on the client.
Please familiarize yourself with the RSA ACE/Server
documentation before reading further.
In the instructions below, the /top directory refers
to the RSA ACE/Server top-level directory.
- In order to enable SecurID support, you need to compile
the source code on a computer where RSA ACE/Server
(master or slave) or RSA ACE/Agent software is already
installed, configured, and running.
./configure --with-serversecurid[=/PATH]
make
make install
Replace /PATH with the absolute PATH to the directory containing
the sdiclient.a file.
For RSA ACE/Server 4.0 the file is usually located in the
/top/ace/examples directory, for 5.0 in the /top/ace/inc directory.
Note: If you do not want to make the compilation as
root, make sure that all the above-mentioned files are readable by the
user you are compiling as.
- When using the Keyboard-Interactive SecurID submethod, make sure that you
have the following lines in the
/etc/ssh2/sshd2_config file:
AllowedAuthentications keyboard-interactive
AuthKbdInt.Optional securid
And the following line in the /etc/ssh2/ssh2_config file:
AllowedAuthentications keyboard-interactive
In case you are not using Keyboard-Interactive, make sure that you have the
following line both in your /etc/ssh2/sshd2_config file and in your
/etc/ssh2/ssh2_config file:
AllowedAuthentications securid-1@ssh.com
- Check that the user's shell is not
/top/ace/prog/sdshell.
- Start RSA ACE/Server.
- Check that the
VAR_ACEsshd2, and its value must be /top/ace/data.
- Start
sshd2.
See Section Keyboard-Interactive Authentication for more information on
keyboard-interactive authentication.
Note: SSH Communications Security does not provide
technical support on how to configure RSA ACE/Server.
Our support only covers SSH Secure Shell applications
.
