Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

RSA SecurID Submethod

RSA SecurID is a widely-used two-factor authentication method based on the use of SecurID Authenticator tokens. In SSH Tectia, support for RSA SecurID is enabled as a submethod of keyboard-interactive authentication.

The prerequisite for enabling SecurID support in SSH Tectia Server is that RSA Authentication Agent software (previously RSA ACE/Agent) is installed on the server host. When RSA SecurID is used, SSH Tectia Server queries the user for the token's numerical code and passes the code to RSA Authentication Agent for verification. RSA Authentication Agent then returns the success or failure of the authentication to SSH Tectia Server.

To use SecurID authentication, you should be familiar with the operation of RSA Authentication Manager (RSA ACE/Server).

[Note]Note

For the SecurID authentication to work with SSH Tectia Server on Unix, the RSA ACE/Agent libaceclnt.so library has to be available in the /usr/lib directory (alternatively /user/ace/lib or /opt/ace/lib).

The following example shows settings for keyboard-interactive authentication using the SecurID submethod in the ssh-server-config.xml file:

<authentication-methods>
  <authentication action="allow">
    <auth-keyboard-interactive max-tries="3" failure-delay="2">
      <submethod-securid />
    </auth-keyboard-interactive>
  ...
  </authentication>
</authentication-methods>

Giving the dll-path attribute is not required. SSH Tectia Server locates the libraries automatically.

On Windows, using the SSH Tectia Server Configuration tool, keyboard-interactive authentication can be configured on the Authentication page. See Authentication.

For more information, see the separate RSA SecurID Ready Implementation Guide for SSH Tectia, available from the RSA web site (http://www.rsasecured.com/).

[Note]Note

SSH Communications Security does not provide technical support on how to configure RSA Authentication Manager (RSA ACE/Server). Our support only covers SSH Tectia applications.


 

 
PrivX
 

 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now