Linux dial-up with a SecurID one-shot password device - Xubuntu and WVDIAL
Many companies, including my employer, use one-shot password devices for remote access. You dial up the RAS number, enter your username and password, and then a PPP session is established. The difficult bit is that your password is never the same: the SecurID device is a small keytag that shows a 6 digit number that changes every minute. In my case, a fixed personal PIN followed by the number from the SecurID makes up the password. Getting that to work from a Linux client is a bit tricky, but here is how I got it working using WvDial.
like KPPP or the Network tool in GNOME. The answer is that they expect a fixed password for each connection, and don't provide a terminal mode so you can enter the one-shot password (or if they do, I couldn't work out how 8-<).
I did experiment with Minicom, with the idea of dialing up using it, quitting without resetting the modem, then running pppd as root, but I could not even get Minicom to find the modem in the old Thinkpad A22m laptop I am using.
WvDial (http://open.nit.ca/wiki/?WvDial). The laptop has Xubuntu (http://www.xubuntu.org/) as I have only 128MB RAM and my favourite distro Ubuntu 6.06 LTS is too big. WvDial is installed by default.
Here's what I do:-
1. open a terminal window and su - to become root
2. enter wvdialconf to configure WvDial. It does this auto-magically. Here is what I saw:
    Editing `/etc/wvdial.conf'.

    Scanning your serial ports for a modem.

    Modem Port Scan<*1>: Scanning ttyLTM0 first, /dev/modem is a link to it.
    ttyLTM0<*1>: ATQ0 V1 E1 -- OK
    ttyLTM0<*1>: ATQ0 V1 E1 Z -- OK
    ttyLTM0<*1>: ATQ0 V1 E1 S0=0 -- OK
    ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 -- OK
    ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 -- OK
    ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 -- OK
    ttyLTM0<*1>: Modem Identifier: ATI -- LT V.92 Data+Fax Modem Version 8.31
    ttyLTM0<*1>: Speed 4800: AT -- OK
    ttyLTM0<*1>: Speed 9600: AT -- OK
    ttyLTM0<*1>: Speed 19200: AT -- OK
    ttyLTM0<*1>: Speed 38400: AT -- OK
    ttyLTM0<*1>: Speed 57600: AT -- OK
    ttyLTM0<*1>: Speed 115200: AT -- OK
    ttyLTM0<*1>: Max speed is 115200; that should be safe.
    ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 -- OK
    ttyS0<*1>: ATQ0 V1 E1 -- failed with 2400 baud, next try: 9600 baud
    ttyS0<*1>: ATQ0 V1 E1 -- failed with 9600 baud, next try: 115200 baud
    ttyS0<*1>: ATQ0 V1 E1 -- and failed too at 115200, giving up.
    Modem Port Scan<*1>: S1   S2   S3   S4   S5   S6   S7   S8
    Modem Port Scan<*1>: S9   S10  S11  S12  S13  S14  S15  S16
    Modem Port Scan<*1>: S17  S18  S19  S20  S21  S22  S23  S24
    Modem Port Scan<*1>: S25  S26  S27  S28  S29  S30  S31  S32
    Modem Port Scan<*1>: S33  S34  S35  S36  S37  S38  S39  S40
    Modem Port Scan<*1>: S41  S42  S43  S44  S45  S46  S47

    Found a modem on /dev/ttyLTM0, using link /dev/modem in config.
    Modem configuration written to /etc/wvdial.conf.
    ttyLTM0<Info>: Speed 115200; init "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"
3. edit the resulting /etc/wvdial.conf file.
I added my username and the phone number to dial, and commented out the password (it changes every minute, so it cannot live in the file). Here's what it looks like:
    [Dialer Defaults]
    Init1 = ATZ
    Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
    ; Password = xxxxxx
    Phone = 0198123456
    Modem Type = Analog Modem
    Baud = 115200
    New PPPD = yes
    Modem = /dev/modem
    ISDN = 0
    Username = <Your username>
    ; Phone = <Target Phone Number>
    ; Password = <Your Password>
    ; Username = <Your Login Name>
4. type in the following command:
root@snifftoo:/etc# wvdial password=ppppnnnnnn
where "pppp" is the personal PIN (if your company uses one) and "nnnnnn" is the 6 digit code on the SecurID tag. NOTE: wait till the number rolls over to a new one; this gives you a full minute before the one-shot password expires, which is more than enough time to make the connection, at least for me 8-). Here are the results:
    --> WvDial: Internet dialer version 1.55
    --> Initializing modem.
    --> Sending: ATZ
    ATZ
    OK
    --> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
    ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
    OK
    --> Modem initialized.
    --> Sending: ATDT0198123456
    --> Waiting for carrier.
    ATDT0198123456
    CONNECT 46666 V44
    --> Carrier detected.  Waiting for prompt.
    == Dial IP **
    == Username:
    --> Looks like a login prompt.
    --> Sending: *******
    === **** ===
    Password:
    --> Looks like a password prompt.
    --> Sending: (password)
    Entering PPP Session.
    IP address is 10.214.139.51
    MTU is 1524.
    --> Looks like a welcome message.
    --> Starting pppd at Tue Sep  4 19:53:47 2007
    --> Pid of pppd: 4726
    --> Using interface ppp0
    --> local  IP address 10.214.139.51
    --> remote IP address 188.8.131.52
    --> primary   DNS address 184.108.40.206
    --> secondary DNS address 220.127.116.11
That's it! You can now telnet, ssh, ftp, web browse, etc.
Note - all the IP addresses above are dummies.
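One thing worth tidying up in step 4: typed at the prompt, "wvdial password=ppppnnnnnn" leaves the PIN and the code in root's shell history. The wrapper below is an added example, not code from the page or from WvDial: it reads both values with echo off, checks the code is six digits, and then runs the same wvdial command. It assumes wvdial is on PATH; WVDIAL_CMD is a hook of ours (not a wvdial option) so the composing logic can be exercised without a modem.

```shell
#!/bin/sh
# Wrapper for the page's "wvdial password=ppppnnnnnn" step (added example, not
# code from the original page). Both the PIN and the SecurID code are read
# without echo so the one-shot password never lands in root's shell history,
# and the code is checked for shape before anything is dialled.
# Assumption: wvdial is on PATH. WVDIAL_CMD is a hook (ours, not wvdial's)
# so the composing logic can be exercised without a modem.

WVDIAL_CMD="${WVDIAL_CMD:-wvdial}"

# Return 0 if the value shown on the SecurID tag is exactly six digits.
valid_token() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# PIN (empty if your company uses none) followed by the token, as on the page.
compose_password() {
    valid_token "$2" || return 1
    printf '%s%s' "$1" "$2"
}

# Hand the composed password to wvdial exactly as the page's command does.
dial_with_otp() {
    pw=$(compose_password "$1" "$2") || { echo "token must be 6 digits" >&2; return 1; }
    "$WVDIAL_CMD" "password=$pw"
}

# Read a value from the terminal with echo turned off.
read_secret() {
    printf '%s: ' "$1" >&2
    stty -echo; read -r value; stty echo; echo >&2
    printf '%s' "$value"
}

interactive_main() {
    pin=$(read_secret "Personal PIN (leave empty if none)")
    # Wait for the tag to roll over before typing the code: a fresh code
    # gives the full minute before this one-shot password expires.
    token=$(read_secret "SecurID code (6 digits)")
    dial_with_otp "$pin" "$token"
}

# Only dial when asked explicitly, so the file can be sourced for testing.
case "${1:-}" in
    --dial) interactive_main ;;
esac
```

Run it as root with "sh dial-securid.sh --dial"; the password is still handed to wvdial as an argument, so it is visible in ps for the few seconds until the code expires, which is the same exposure as the page's command.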
This page http://tardus.net/securIDdialup.html published: 4 September 2007