Using SFTP (SSH) with RADIUS/RSA SecurID

(Two-factor authentication available in EFT Server Enterprise) Authenticating with RADIUS/RSA SecurID can be a multi-step process on your first login, as you establish your PIN. The server can request additional information from the user or device, such as a secondary password. The secondary password prompt can cause problems with SFTP clients that may not allow multiple prompts.

For example, in the screenshot:

  • The first login is a successful login for the user khy (the PIN had already been set up elsewhere).

  • The second login attempt by khy is made after the administrator forces PIN setup on the next login (done through the RADIUS/RSA configuration console elsewhere, not in EFT Server).

To successfully complete the PIN change with the OpenSSH SFTP client, you have to specify the option:

"-oNumberOfPasswordPrompts=N"

This option allows multiple password prompts up to the number (N) that you specify.

[Screenshot: illust_rsalogin.png]

Refer to the OpenSSH man pages for more information: http://www.manpagez.com/man/5/ssh_config/.
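The following is an added example, not part of the original EFT Server documentation. It scopes the higher prompt limit to a single host entry in the OpenSSH client configuration instead of passing the option on every command line, and reads the effective value back from `ssh -G` output. OpenSSH's default for NumberOfPasswordPrompts is 3; the host alias `eft-sftp`, the hostname `eft.example.com`, and the count 6 are assumed values.

```shell
#!/bin/sh
# Added example: host alias, hostname and prompt count are constructed values.

# Accept only a positive integer as the prompt count.
valid_prompt_count() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ]
}

# Print an ssh_config stanza that raises the prompt limit for one host only,
# so other hosts keep the client's default.
eft_host_stanza() {
    h_alias=$1; h_name=$2; h_user=$3; h_n=$4
    if ! valid_prompt_count "$h_n"; then
        echo "invalid prompt count: $h_n" >&2
        return 1
    fi
    printf 'Host %s\n    HostName %s\n    User %s\n    NumberOfPasswordPrompts %s\n' \
        "$h_alias" "$h_name" "$h_user" "$h_n"
}

# Read `ssh -G <alias>` output on stdin and print the effective prompt limit.
# ssh -G prints the resolved client configuration with lowercase keywords.
effective_prompts() {
    awk 'tolower($1) == "numberofpasswordprompts" { print $2; exit }'
}

# Constructed sample of `ssh -G eft-sftp` output (trimmed to three lines).
SAMPLE_SSH_G='user khy
hostname eft.example.com
numberofpasswordprompts 6'

eft_host_stanza eft-sftp eft.example.com khy 6
printf '%s\n' "$SAMPLE_SSH_G" | effective_prompts

# Typical use:
#   eft_host_stanza eft-sftp eft.example.com khy 6 >> ~/.ssh/config
#   ssh -G eft-sftp | effective_prompts
#   sftp eft-sftp
```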
