View Single Post
  #1  
Old 01-22-2016, 10:59 AM
bposner bposner is offline
Registered User
 
Join Date: Oct 2013
Posts: 3
RSA SecurID PIN setup doesn't work under SSH session

Hey All, got a head scratch-er for ya...

We're implementing RSA SecurID 2-Factor logins for all of our Cisco gear. We currently use Cisco ACS 5.8 and TACACS+ for all of our AAA needs. We've got the RSA server and ACS talking nicely now. However, we cannot seem to get token PINs setup when using an SSH session in SecureCRT. I can use any other SSH software (OSX terminal, Putty on Windows) or a standard Telnet session but NOT an SSH session in SecureCRT.

When we setup a new token, the user connects to a switch/router with their login name and then enters just their token code as read from their hardware or soft token. The systems then processes the user as setting up their PIN and will prompt accordingly. They then enter their PIN twice, once at each prompt, and then, usually they're all set. Any subsequent logins afterwards are performed using their login name and PASSCODE (PIN + TOKENCODE).

This PIN setup process is the one that doesn't work in SecureCRT under an SSH session. Instead of getting the PASSCODE prompt we get a standard Password prompt and no PIN setup dialogs as all. This process works under a telnet session and it works in SSH for other SSH applications... very weird. Once the PIN is setup SSH under SecureCRT works fine. It's just this PIN setup that is borked.

Anyone have any ideas? I have tried enabling "Display logon prompts in the terminal window" in the Logon Actions area for a session but it didn't seem to help.

Thanks,
BPosner
Reply With Quote