Can I use an RSA SecurID software token on Ubuntu Linux?

Question

I have Windows, Mac, and Linux computers; but I am only able to connect to some of my company's websites through the Windows and Mac machines at the moment because they are the only ones with RSA SecurID software tokens. I'm curious: is it possible to set up a SecurID software token to work on a Linux system (in my case, Ubuntu)?

Answer 1

Recent versions of Ubuntu offer the stoken package, a native open source SecurID implementation that includes a CLI, a GTK+ GUI, and a library API.

For more information see the project homepage.

Answer 2

Personally, I'm too lazy to pick up my phone, open the RSA app, enter my PIN, and then type it into the login page. I also don't like to deal with Wine. So, instead, I created a totally insane solution to this problem. I wrote a script that will SSH into a Windows machine, launch the RSA app, enter your PIN, copy the result, and put it in the clipboard of your local Linux machine. To do this you need a Windows machine that you can access via SSH with the RSA software installed. I used freesshd as the SSH server in Windows. You will also need AutoHotKey and PsExec.

Compile the following AHK script on the Windows machine (I put the resulting exe at C:\Program Files\RSA SecurID Software Token\rsa-securid.exe):

TokenName = %1%
Pin = %2%
Run, "C:\Program Files\RSA SecurID Software Token\SecurID.exe"
WinWait, %TokenName% - RSA SecurID Token, 
IfWinNotActive, %TokenName% - RSA SecurID Token, , WinActivate, %TokenName% - RSA SecurID Token, 
WinWaitActive, %TokenName% - RSA SecurID Token, 
Send, %Pin%
Sleep, 100
Send, {Enter}
Sleep, 100
Send, ^c
Passcode = %Clipboard%
Sleep, 100
Send, {AltDown}{F4}{AltUp}
ExitApp %Passcode%

Then use the following shell script on the Linux side:

#!/bin/bash
NAME=<the rsa token name>
PIN=<your pin>
HOST=<windows host>
USER=<windows user>
PASSWORD=<windows password>
SESSION=1
PASSCODE=$(ssh $HOST "cmd /c \"C:\Program Files (x86)\Sysinternals\PsExec.exe\" /accepteula \\\127.0.0.1 -u $USER -p $PASSWORD -i $SESSION  C:\\PROGRA~1\\RSASEC~1\\rsa-securid.exe $NAME $PIN" | grep "error code" | sed "s/.*error code \([0-9]*\).*/\1/")
echo -n $PASSCODE | xclip -selection clipboard -in
notify-send --hint=int:transient:1 -i "rsa-securid.png" "Passcode: $PASSCODE"

When the script is done talking to the Windows machine, it will put the passcode in your clipboard and popup a little notification. So basically you push a button, wait a couple seconds, and voila you can paste the passcode.

Hope that helps.

Answer 3

There isn't a RSA Software token for linux, so you will need to resort to using Wine (or running windows in a virtual machine). There is a thread here where the Wine version and RSA Software version detailed that has been found to work.

Another alternative would be to get a phone based token so you are not reliant on a specific desktop and the flakiness of wine. Most phone platforms are supported.

Answer 4

I've made myself a script to generate the passcode from command line, so I don't have to deal with a windows app. It basically runs wine in the background, grabs the output and prints it to console.