  #1  
Old 01-22-2016, 10:59 AM
bposner bposner is offline
Registered User
 
Join Date: Oct 2013
Posts: 3
RSA SecurID PIN setup doesn't work under SSH session

Hey All, got a head-scratcher for ya...

We're implementing RSA SecurID 2-Factor logins for all of our Cisco gear. We currently use Cisco ACS 5.8 and TACACS+ for all of our AAA needs. We've got the RSA server and ACS talking nicely now. However, we cannot seem to get token PINs set up when using an SSH session in SecureCRT. I can use any other SSH software (OSX terminal, PuTTY on Windows) or a standard Telnet session but NOT an SSH session in SecureCRT.

When we set up a new token, the user connects to a switch/router with their login name and then enters just their token code as read from their hardware or soft token. The system then processes the user as setting up their PIN and will prompt accordingly. They then enter their PIN twice, once at each prompt, and then, usually, they're all set. Any subsequent logins afterwards are performed using their login name and PASSCODE (PIN + TOKENCODE).

This PIN setup process is the one that doesn't work in SecureCRT under an SSH session. Instead of getting the PASSCODE prompt we get a standard Password prompt and no PIN setup dialogs at all. This process works under a telnet session and it works in SSH for other SSH applications... very weird. Once the PIN is set up, SSH under SecureCRT works fine. It's just this PIN setup that is borked.

Anyone have any ideas? I have tried enabling "Display logon prompts in the terminal window" in the Logon Actions area for a session but it didn't seem to help.

Thanks,
BPosner
  #2  
Old 01-22-2016, 11:27 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi BPosner,

SecureCRT defaults to password authentication if the server indicates that it supports password authentication. It sounds like the server either doesn't support password authentication or doesn't support password authentication for this specific scenario even though it sounds like the server is advertising support for password authentication.

If you move Keyboard Interactive authentication to the top of the Authentication list for your session, do you get better results?

You can make this change in the Quick Connect dialog or in the Connection / SSH2 category of the Session Options dialog if you have a saved session.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730

Last edited by rtb; 01-22-2016 at 11:28 AM. Reason: Adding further clarification to the potential problem in the first sentence.
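An added illustration (not part of the thread, and not SecureCRT's code) of why the order of the Authentication list matters: it parses the RFC 4252 SSH_MSG_USERAUTH_FAILURE reply in which a server lists the methods that can continue, then picks the first method in the client's order. The payload is constructed, and the selection rule in `choose_method` is an assumed model of the behaviour the support reply above describes.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # RFC 4252, section 5.1


def build_userauth_failure(methods, partial_success=False):
    """Build a constructed SSH_MSG_USERAUTH_FAILURE payload for the demo."""
    name_list = ",".join(methods).encode("ascii")
    return (bytes([SSH_MSG_USERAUTH_FAILURE])
            + struct.pack(">I", len(name_list)) + name_list
            + bytes([1 if partial_success else 0]))


def parse_userauth_failure(payload):
    """Return (methods_that_can_continue, partial_success)."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not an SSH_MSG_USERAUTH_FAILURE payload")
    (length,) = struct.unpack(">I", payload[1:5])
    end = 5 + length
    if end + 1 != len(payload):
        raise ValueError("name-list length does not match payload size")
    names = payload[5:end].decode("ascii")
    methods = names.split(",") if names else []
    return methods, payload[end] != 0


def choose_method(client_order, payload):
    """Assumed client model: first method in the client's order that the server lists."""
    offered, _ = parse_userauth_failure(payload)
    for method in client_order:
        if method in offered:
            return method
    return None


# Constructed sample: a server that advertises both methods, as in the thread.
SAMPLE = build_userauth_failure(["password", "keyboard-interactive"])

if __name__ == "__main__":
    for order in (["password", "keyboard-interactive"],
                  ["keyboard-interactive", "password"]):
        print(order, "->", choose_method(order, SAMPLE))
```

Only keyboard-interactive (RFC 4256) lets the server drive a sequence of its own prompts, which is what a multi-step exchange such as the new-PIN setup relies on.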
  #3  
Old 01-22-2016, 11:51 AM
bposner bposner is offline
Registered User
 
Join Date: Oct 2013
Posts: 3
That worked perfectly! Thanks very much!
  #4  
Old 01-22-2016, 12:49 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi BPosner,

Thanks for the update. I am glad to hear that you have a solution.

If you want to modify the default used by SecureCRT or you want to modify some of your sessions to use Keyboard Interactive authentication, you can use one of the following tips:
http://www.vandyke.com/support/tips/defaultset.html
http://www.vandyke.com/support/tips/multisessions.html
  #5  
Old 02-26-2016, 01:36 PM
netguy netguy is offline
Registered User
 
Join Date: Feb 2016
Posts: 1
RSA SecurID PIN

BPosner,

I was really curious about your implementation of RSA authentication. Our organization currently has a requirement for two-factor authentication. We are currently using Cisco ACS and TACACS+ for AAA as well. Curious to know what RSA server software, hardware tokens, etc. you used.