Using SFTP (SSH) with Radius/RSA SecurID

(Requires the SFTP module; two-factor authentication available in AAM) Authenticating with RADIUS/RSA SecurID can be a multi-step process on your first login, as you establish your PIN. The server can request additional information from the user or device, such as a secondary password. The secondary password prompt can cause problems with SFTP clients who may not allow multiple prompts.

For example, in the screenshot above:

  • The first login is a successful login for the user khy (the PIN had already been setup elsewhere).

  • The second login attempt by khy is made after the administrator forces PIN setup on the next login (done through the RADIUS/RSA configuration console elsewhere, not in EFT).

To successfully complete the PIN change with OpenSSH SFTP client

  • Specify the option:

  • "-oNumberOfPasswordPrompts=N"

    This option allows multiple password prompts up to the number (N) that you specify.

Refer to the OpenSSH man pages for more information: http://www.manpagez.com/man/5/ssh_config/.

Related Topics