similar to: Samba and the use of smart cards for authentication

When comparing SSH 1.2.27 with OpenSSH 2.5.1 I see that the SecurID code/patch is not in OpenSSH 2.5.1. I'm not sure how or why that happened. Upon looking through the OpenSSH 2.5.1 source, I think I could fairly easily provide a 'SecurID Authentication Method' patch (which would rely on -DHAVE_SECURID, -I/blah/securid/include, and -L/blah/securid/lib... /blah/securid being a

I read the thread on securid back in march. openssh doesn't support it because it's propriatary, right? I understand that, however I've still got a problem. Work use securid *exclusively* using ssh2. It uses an authentication protocol of securid-1 at ssh.com. The client side does *not* need the securid propriatary stuff, no need for the include files or the library. So, given

Hi, I would like to do some development on the securid patch to get it to display the passcode prompt when users log in with securid on ssh. Can anyone tell me which scripts currently handle the logon/password prompt in openssh please? Thanks, JS. _________________________________________________________________ Join the world?s largest e-mail service with MSN Hotmail.

What are the chances of getting the SecurID patch integrated into OpenSSH? I think I asked before and was told that it could be done with PAM, but I (and others) are not satisfied with the PAM support. This "tight" integration seems to work much better. If not, I'll just sit on my rogue patches :-( -- Theo Schlossnagle 1024D/A8EBCF8F/13BD 8C08 6BE2 629A 527E 2DC2 72C2 AD05 A8EB

Howdy folks, The chroot patch in the contrib directory had gotten stale and didn't apply cleanly, so I've updated it... The attached patch works fine with 3.0p1. Is there any reason this patch stays in the contrib directory rather than being applied to the source? I find it incredibly useful. Thanks for your hard work on OpenSSH! Bret PS: Please cc me with any responses as I'm

Hello Theo, > > > Could you let me know where this test patch would be available. > > > > Try: > > http://www.omniti.com/~jesus/SecurID/ > > > > -- Regarding your patch, did you continue the integration (mainly: Handle PIN creation and changing ...)? Do you foreseen to transport it in new release 2.3.0p1? Kind regards, Joel

Hello all, new version of SecurID patch is available on http://sweb.cz/v_t_m/ The new version of the patch is extended with "shared logins" possibility. It means that SecurID token can be used to login to an account shared by several persons. This cannot be solved using ACE server standard means. This patch depends on the AuthSelection patch (http://sweb.cz/v_t_m). After applying

Hello all, I looked long and hard for SecurID support for OpenSSH and I have not found it. So, I spent a few hours today and added SecurID authentication support into OpenSSH. Specifically the 2.2.0p1 portability release. I have beat on it for several hours and it seems to work just fine. I don't know if anyone would find these patches useful or not... I also don't know if the

> Hello > I complied openssh like this "./configure --with-pam" and I did configure > /etc/pam.conf as follows > # PAM configuration > # > # Authentication management > # > sshd auth required /lib/security/pam_securid.so reserve > sftp auth required /lib/security/pam_securid.so reserve > # > login auth required

I've been through the archive, and not found anything conclusive, except for a problem report of sorts from Theo E. Schlossnag (who has a set of patches for SecurID integration). I'm about to replace some ssh 1.2.26 (I know!) installations with OpenSSH 2.5.1p2, on Solaris 2.6 sparc boxes, and we use SecurID tokens for these boxes. I've compiled up OpenSSH 2.5.1p2 with --with-pam,

http://bugzilla.mindrot.org/show_bug.cgi?id=966 Summary: Will OpenSSH integrates SecurId ? Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

currently we don't support secure id. On Mon, Oct 01, 2001 at 03:13:10PM +0000, Quick, Edward T wrote: > Hi, > > I'm not sure if this is just the ftp site I downloaded from or not, but the SecurID.diff file (that goes under the contrib directory) on the new openssh2.9.9p2 distribution seems to be missing. > > Regards, > > Edward.

If I were going to do this, I would probably try moving to a Windows 200x AD domain controller, and implementing RSA SecurID on that machine. I have not worked with other OTP solutions. As far as I understand, if Samba is configured as a domain controller, it expects to be able to handle the authentication itself. OTP is , in my opinion, most valuable when you are exposing resources to the

Hello all, I have made SecurID authentication for OpenSSH 3.6.1p2. This patch was totaly rewritten, so please test it before use. Kbd-int authentication is now integrated into challenge response auth. Privsep is now fully suported. PS: What do you think of selective access to the individual authentications, similar to AllowGroups/DenyGroups or maybe AllowUsers/DenyUsers ? Vaclav Tomec

Hi all, I'm new to this mailing list, so I apologize if my question is "obsolete" for you. I'd like to know if anybody has a clear idea about how to connect smartcards to the SSH framework. I yet got a modified ssh-agent (by Stephen Pellicer) that uses SSP-Lite (CyberflexAccess driver by me) in order to use the smartcard instead of the HD files. Instead, I'd like to

Hello, PKCS#11 is a standard API interface that can be used in order to access cryptographic tokens. You can find the specification at http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most smartcard and other cryptographic device vendors support PKCS#11, opensc also provides PKCS#11 interface. I can easily make the scard.c, scard-opensc.c and ssh-agent.c support PKCS#11. PKCS#11 is

Hi, I don't mean to be annoying, but it seems like there isn't any interest in partial authentication. Is this true? It's not a future plan for OpenSSH to have this feature? I'd just like to know if I'm on my own or not. Thanks Erik.

Hello I am compiled openssh3.6.1p2 with PAM and using RSA Security (ACE) token. the command I used to compile ssh as follow: 1. ./configure --with-pam 2. make 3. make install After starting the sshd daemon, I authenticate using the command "ssh xxx.yyy.nih.gov" On the SecurID server I was watching the log monitor and I saw the following errors : "ACCESS DENIED, syntax

Hello All, The attached patch allows openssh to specify which pam service name to authenticate users against by specifying the PAMServiceName attribute in the sshd_config file. Because the parameter can be included in the Match directive sections, it allows different authentication based on the Match directive. In our case, we use it to allow different levels of authentication based on the

I have a few questions: 1) Is OpenSSH 2.9p2 (or any other version of OpenSSH) vulnerable to the same problem as SSH3.0.0? (described here: http://www.kb.cert.org/vuls/id/737451 ) 2) There is a "SECURID" patch in the contrib section since 2.5.2p2. I am using it, but applying this patch to each new version is growing more difficult as time goes on. Would you consider merging this