Using SFTP (SSH) with Radius/RSA SecurID
(Requires the SFTP module; two-factor authentication available in AAM) Authenticating with RADIUS/RSA SecurID can be a multi-step process on your first login, as you establish your PIN. The server can request additional information from the user or device, such as a secondary password. The secondary password prompt can cause problems with SFTP clients who may not allow multiple prompts.
For example, in the screenshot above:
-
The first login is a successful login for the user khy (the PIN had already been setup elsewhere).
-
The second login attempt by khy is made after the administrator forces PIN setup on the next login (done through the RADIUS/RSA configuration console elsewhere, not in EFT).
To successfully complete the PIN change with OpenSSH SFTP client
-
Specify the option:
"-oNumberOfPasswordPrompts=N"
This option allows multiple password prompts up to the number (N) that you specify.
Refer to the OpenSSH man pages for more information: http://www.manpagez.com/man/5/ssh_config/.
Related Topics