can't log in using an rsa securid fob

[GoogleCodeExporter]

What steps will reproduce the problem?
1. try to login to a server that wants a passcode
2.
3.

What is the expected output? What do you see instead?
it says password authentication fails, never asks for a passcode

What version of the product are you using (you can see this by using Menu
-> About in the Host List)? 1.5.5

What type of system are you trying to connect to?

If you are able to connect, what is the output of "echo $TERM", "uname -a",
and any other relevant information on the host?

Please provide any additional information below.

Original issue reported on code.google.com by ian.dewb...@gmail.com on 8 Nov 2009 at 12:47

[GoogleCodeExporter]

Can you either attach a log from OpenSSH doing "ssh -v" to the server in 
question or
email it to me? You'll probably need to redact it, but I have no idea what kind 
of
authentication mechanism it's trying to use if keyboard-interactive doesn't 
work.

Original comment by kenny@the-b.org on 8 Nov 2009 at 12:54

[GoogleCodeExporter]

I've copied the log below.  Thanks a lot for getting back to me so quickly!

xxx.org%> ssh -v xxxxx@yyyyyy.edu
OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to xxxxxx.edu [xxxxx] port 22.
debug1: Connection established.
debug1: identity file /homes/nber/xxxxx/.ssh/identity type -1
debug1: identity file /homes/nber/xxxxx/.ssh/id_rsa type -1
debug1: identity file /homes/nber/xxxxx/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'xxxxxxxx' is known and matches the RSA host key.
debug1: Found key in /homes/nber/xxxxxx/.ssh/known_hosts:14
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
Enter PASSCODE: [key fob code here]
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Fri Nov  6 11:12:07 2009 from dhcp-73-28.xxxxx.org

Original comment by ian.dewb...@gmail.com on 8 Nov 2009 at 1:12

[GoogleCodeExporter]

I'm having the same issue here.  Attached is the sanitized output from a 
successful
login from my Fedora 11 box to the remote system. 

Original comment by BiloxiG...@gmail.com on 11 Nov 2009 at 8:55

Attachments:

• keyfob.txt

[GoogleCodeExporter]

Hm, I tried this using a Yubikey and it worked fine. Maybe it has to do with 
asking
for multiple pieces of information at once.

Original comment by kenny@the-b.org on 25 Nov 2009 at 3:58

• Changed state: Started

[GoogleCodeExporter]

RSA is kindly shipping a SecurID eval kit to me. ETA 2 weeks.

Original comment by kenny@the-b.org on 3 Dec 2009 at 11:07

[GoogleCodeExporter]

my current solution is to simply use connectbot to log in to a machine that 
doesn't
require using the key fob and then using ssh from that machine to the server
requiring the key fob.

Original comment by ian.dewb...@gmail.com on 5 Dec 2009 at 9:10

[GoogleCodeExporter]

RSA refused to ship an eval kit to me because this is an open source project 
and not
commercial.

Could anyone try r451 and see if that helps?

Original comment by kr...@google.com on 20 Dec 2009 at 9:21