Jesse Nelson <[EMAIL PROTECTED]> queried the List:

.>Can anyone point me in the right direction of getting ssh2 compiled
.>with ACE (secureID) server support ?

        Piotr Zbiegiel <[EMAIL PROTECTED]> recently offered a patch for imposing
ACE (SecurID) two-factor authentication on SSH2. (Piotr was running an
ACE 4.0 Server and clients and SSH version 2.0.13. I'll attach the
Zbiegiel/McKillican patch, but if it doesn't make it through your
gateway, write and I'll forward it directly. Piotr, is it stored online
anywhere?)

        Without a modified client, of course, this arrangement cannot support
the ACE functions which, at request, allow a remote user to change his or
her PIN, or the ACE "Next Code" mode -- which is a set of interactive
functions by which the ACE/Server resynchs itself to the clock-chip in an
errant SecurID token, then re-validates the SecurID with a demand for two
valid SecurID token-codes (in addition to the user-memorized PIN.)

        Martin Forssen <[EMAIL PROTECTED]> also recently noted here that his
firm's AppGate Server offers a full-service integration of ACE/SecurID
authentication (among others, including Entrust, iD2, Telia EID) in SSH2.
See: <http://www.appgate.com/products/appgate_server.html>

        Given the widespread use of SecurID authentication to enhance SSH1, and
vice versa, I'm surprised there are not more commercial or
non-commercial SSH2/SecurID options.  Anyone know of any others?

        Suerte,
                _Vin

--------

[Earlier message on a SecurID SSH2 patch.]

> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Zbiegiel, Piotr
> Sent: Tuesday, May 23, 2000 1:03 PM
> To: '[EMAIL PROTECTED]'
> Cc: Berk, David; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Subject: RE: Any luck with SSH2 and SecurID?
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Here is the patch that I generated from my SecurID-enabled SSH2.
> Basically I didn't need to write any new code.  I took Mr.
> McKillican's code for SecurID support in ssh1 and massaged it to work
> with ssh2.
>
> Important changes:  I took out the /etc/securid.users file check
> because we did not require it here.  It should be pretty easy to put
> back in if you really need it.
>
> I built this with the ACE 4.0 Server and Agents and SSH 2.0.13.
>
> The file that needs patching is: ssh-2.0.13/apps/ssh/auths-passwd.c
>
> Requirements:
>
> You need to configure ssh with:
>
>  --with-securid=/path/to/ACE/header/files
>
> After the build, you must define the following environment variables
> before executing sshd:
>
> VAR_ACE=/data/dir/in/ACE/install
> USR_ACE=/prog/dir/in/ACE/install
>
> I put these in the sshd2 startup script.
>
> Let me reiterate:
>
> 1.  I built this using the ACE 4.0 Server and clients and SSH version
> 2.0.13.  I don't know if this works with previous versions of ACE
> and/or SSH.  Your mileage may vary!
>
> 2.  Make sure you give the correct path to the --with-securid option
>
> 3.  Make sure you define the environment variables above BEFORE
> running sshd2
>
>
> I provide no guarantees for this code.  It works in my particular
> situation.  Hope that helps out.
>
> Later,
>
> Piotr T Zbiegiel
>
>
> - -------------------------------------
> Note:  When you are instructed to press RETURN, pressing ENTER will
> have the same effect.
>

ssh-2.0.13.securid.patch
