Focus on Sun
SSHD with Secured authentication, using RSA PAM client Jul 31 2007 10:19PM
Edward Reiss (ed reiss convdata com) (4 replies)
RE: SSHD with Secured authentication, using RSA PAM client Aug 06 2007 04:40PM
Christian Lete Viesca (clete itconvergence com) (1 replies)
RE: SSHD with Secured authentication, using RSA PAM client Aug 06 2007 05:25PM
Edward Reiss (ed reiss convdata com)
RE: SSHD with Secured authentication, using RSA PAM client Aug 06 2007 04:04PM
Reg Quinton (reggers ist uwaterloo ca)
Re: SSHD with Secured authentication, using RSA PAM client Aug 04 2007 04:39AM
K K (kkadow gmail com)
Re: SSHD with Secured authentication, using RSA PAM client Aug 04 2007 03:01AM
Asif Iqbal (vadud3 gmail com)
On 7/31/07, Edward Reiss <ed.reiss (at) convdata (dot) com [email concealed]> wrote:
> Greetings,
>
> Has anyone got ssh to authenticate to SecureID? We have to use the version
> of sshd included with Solaris 9, 1.0.1, and we cannot get it to work. It

- You have make sure your sshd is pam enabled.
ldd `which sshd` should have libpam in there.

- man sshd_config. Depending on your sshd_config file you need enable
either one of the two `UsePAM' or `PAMAuthenticationViaKBDInt'

We enabled the radius daemon on our SecurID ACE server (RSA) and using
pam_radius (of Freeradius) instead. If you choose that path you need to
pick a radius secret key and need to add that key for your client on
ACE database.

Most of our servers using some flavor of ssh (openssh or sunssh or
ssh) and pam_radius
It basically prompts for Password: (you put your passcode here). We
also have sudo
with pam enabled. So there is no local password needed for users.

These are files I needed to modify
- /etc/raddb/server (only can access raddb dir)
- /etc/pam.conf - just two extra lines; one for sshd and one for sudo
- /etc/ssh/sshd_config OR /usr/local/etc/sshd_config

> seems Solaris always tries to authenticate locally even after I configure

It has nothing to do with Solaris. It is SSHD that you need to configure right.

> pam.conf. RSA has a "work around" but they do not support even the work
> around. RSA will support OpenSSH, but not the sshd included with Solaris.
>

The problem is not ssh difference. It is all handled by pam. Both
SunSSH and OpenSSH
knows how to communicate with PAM if they are compiled with pam library.

> Any help would be appreciated.
>
> _______________________________
>
> Edward Reiss <ed.reiss (at) convdata (dot) com [email concealed]>
> Cell
> 631.681.7181
> Landline
> 518.533.9764
> Fax
> 631.881.5545
> Quis custodiet ipsos custodes?
>
> _______________________________
>
>
>

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus