Using SFTP (SSH) with Radius/RSA SecurID

(Requires the SFTP module; two-factor authentication available in AAM) Authenticating with RADIUS/RSA SecurID can be a multi-step process on your first login, as you establish your PIN. The server can request additional information from the user or device, such as a secondary password. The secondary password prompt can cause problems with SFTP clients who may not allow multiple prompts.

For example, in the screenshot above:

• The first login is a successful login for the user khy (the PIN had already been setup elsewhere).

• The second login attempt by khy is made after the administrator forces PIN setup on the next login (done through the RADIUS/RSA configuration console elsewhere, not in EFT).

To successfully complete the PIN change with OpenSSH SFTP client

• Specify the option:

"-oNumberOfPasswordPrompts=N"

This option allows multiple password prompts up to the number (N) that you specify.

Refer to the OpenSSH man pages for more information: http://www.manpagez.com/man/5/ssh_config/.

Related Topics

• Adding RADIUS for User Authentication

• Enabling or Disabling RADIUS