Linux dial-up with a SecurID one-shot password device - Xubuntu and WVDIAL

Updated: 4 September 2007


The SecurID problem

Many companies, including my employer, use one-shot password devices for remote access. You dial up the RAS number, enter your username and password, then a PPP session is established. The difficult bit is that your password is never the same. The SecurID device is a small keytag that shows a 6-digit number that changes every minute. In my case, the password is a fixed personal PIN followed by the number from the SecurID. Getting that to work from a Linux client is a bit tricky, but here is how I got it working using WVDIAL.

Why not use one of the GUI PPP dialers?

Dialers such as KPPP or the Network tool in GNOME expect a fixed password for each connection, and don't provide terminal-mode access so you can enter the one-shot password (or if they do, I couldn't work out how 8-<).

I did experiment with Minicom, with the idea of dialing up using it, quitting without resetting the modem, then running pppd as root, but I could not even get Minicom to find the modem in the old Thinkpad A22m laptop I am using.

Enter WVDIAL

The laptop runs Xubuntu, as I have only 128MB RAM and my favourite distro, Ubuntu 6.06 LTS, is too big. WvDial is installed by default.

Here's what I do:-

1. open a terminal window and su - to become root

2. enter wvdialconf to configure WvDial. It does this auto-magically. Here is what I saw:

  Editing `/etc/wvdial.conf'.
  
  Scanning your serial ports for a modem.
  
  Modem Port Scan<*1>: Scanning ttyLTM0 first, /dev/modem is a link to it.
  ttyLTM0<*1>: ATQ0 V1 E1 -- OK
  ttyLTM0<*1>: ATQ0 V1 E1 Z -- OK
  ttyLTM0<*1>: ATQ0 V1 E1 S0=0 -- OK
  ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 -- OK
  ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 -- OK
  ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 -- OK
  ttyLTM0<*1>: Modem Identifier: ATI -- LT V.92 Data+Fax Modem Version 8.31
  ttyLTM0<*1>: Speed 4800: AT -- OK
  ttyLTM0<*1>: Speed 9600: AT -- OK
  ttyLTM0<*1>: Speed 19200: AT -- OK
  ttyLTM0<*1>: Speed 38400: AT -- OK
  ttyLTM0<*1>: Speed 57600: AT -- OK
  ttyLTM0<*1>: Speed 115200: AT -- OK
  ttyLTM0<*1>: Max speed is 115200; that should be safe.
  ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 -- OK
  ttyS0<*1>: ATQ0 V1 E1 -- failed with 2400 baud, next try: 9600 baud
  ttyS0<*1>: ATQ0 V1 E1 -- failed with 9600 baud, next try: 115200 baud
  ttyS0<*1>: ATQ0 V1 E1 -- and failed too at 115200, giving up.
  Modem Port Scan<*1>: S1   S2   S3   S4   S5   S6   S7   S8   
  Modem Port Scan<*1>: S9   S10  S11  S12  S13  S14  S15  S16  
  Modem Port Scan<*1>: S17  S18  S19  S20  S21  S22  S23  S24  
  Modem Port Scan<*1>: S25  S26  S27  S28  S29  S30  S31  S32  
  Modem Port Scan<*1>: S33  S34  S35  S36  S37  S38  S39  S40  
  Modem Port Scan<*1>: S41  S42  S43  S44  S45  S46  S47  
  
  Found a modem on /dev/ttyLTM0, using link /dev/modem in config.
  Modem configuration written to /etc/wvdial.conf.
  ttyLTM0<Info>: Speed 115200; init "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"

3. edit the resulting /etc/wvdial.conf file.

I added my username and the phone number to dial, and commented out the password so that nothing is stored in the file. Here's what it looks like:

  [Dialer Defaults]
  Init1 = ATZ
  Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
  ; Password = xxxxxx
  Phone = 0198123456
  Modem Type = Analog Modem
  Baud = 115200
  New PPPD = yes
  Modem = /dev/modem
  ISDN = 0
  Username = <Your username>
  ; Phone = <Target Phone Number>
  ; Password = <Your Password>
  ; Username = <Your Login Name>

4. type in the following command

root@snifftoo:/etc# wvdial password=ppppnnnnnn

where "pppp" is the personal PIN (if your company uses one) and "nnnnnn" is the 6-digit code on the SecurID tag. NOTE: wait until the number rolls over to a new one; this gives you a minute before the one-shot password expires. This is more than enough time to make the connection, at least for me 8-). Here are the results:

  --> WvDial: Internet dialer version 1.55
  --> Initializing modem.
  --> Sending: ATZ
  ATZ
  OK
  --> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
  ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
  OK
  --> Modem initialized.
  --> Sending: ATDT0198123456
  --> Waiting for carrier.
  ATDT0198123456
  CONNECT 46666 V44
  --> Carrier detected.  Waiting for prompt.
  == Dial IP ** ==
  
  Username:
  --> Looks like a login prompt.
  --> Sending: *******
  === **** ===
  
  Password:
  --> Looks like a password prompt.
  --> Sending: (password)
      Entering PPP Session.
      IP address is 10.214.139.51
      MTU is 1524.
  --> Looks like a welcome message.
  --> Starting pppd at Tue Sep  4 19:53:47 2007
  --> Pid of pppd: 4726
  --> Using interface ppp0
  --> local  IP address 10.214.139.51
  --> remote IP address 154.135.58.235
  --> primary   DNS address 205.5.35.54
  --> secondary DNS address 205.5.35.75

That's it! You can now telnet, ssh, ftp, web browse, etc.

Note - all the IP addresses above are dummies.
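A small wrapper for step 4, added here as an example (it is not part of the original page): it refuses to dial if the config file still has an active Password line, reads the PIN without echo, and checks the 6-digit code before building the ppppnnnnnn password. The function names are hypothetical; the only wvdial usage is the `password=` argument shown above.

```shell
#!/bin/sh
# Added example, not the author's code. Assumes, as on the page, that the
# password is the PIN followed by the 6-digit SecurID code.

# Succeeds if the given config has an active (uncommented) Password line.
conf_has_stored_password() {
    grep -Eiq '^[[:space:]]*Password[[:space:]]*=' "$1"
}

# Prints PIN+code if both are well formed, otherwise fails with a message.
# An empty PIN is allowed (not every site uses one).
build_passcode() {
    pin=$1
    code=$2
    case $pin in
        *[!0-9]*) echo "PIN must contain digits only" >&2; return 1 ;;
    esac
    case $code in
        [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "SecurID code must be exactly 6 digits" >&2; return 1 ;;
    esac
    printf '%s%s\n' "$pin" "$code"
}

# Interactive part: run as root, like the manual procedure.
dial() {
    if conf_has_stored_password /etc/wvdial.conf; then
        echo "/etc/wvdial.conf has an active Password line; comment it out" >&2
        return 1
    fi
    trap 'stty echo' INT TERM          # restore echo if interrupted
    stty -echo
    printf 'PIN: ' >&2; read -r pin; printf '\n' >&2
    stty echo
    printf 'SecurID code (wait for it to roll over): ' >&2; read -r code
    passcode=$(build_passcode "$pin" "$code") || return 1
    wvdial "password=$passcode"
}

# Dial only when asked to:  sh securid-dial.sh dial
if [ "${1:-}" = "dial" ]; then dial; fi
```

The password is still handed to wvdial as a command-line argument, so it is visible in the process list while wvdial runs; the SecurID code expires, the fixed PIN does not.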




This page tardus.net/securIDdialup.html Last refreshed: 04 Oct 2023


Contact me, "Tardus" Copyright powered by txt2tags
