Can I use an RSA SecurID software token on Ubuntu Linux?


Solution 1

There isn't a RSA Software token for linux, so you will need to resort to using Wine (or running windows in a virtual machine). There is a thread here where the Wine version and RSA Software version detailed that has been found to work.

Another alternative would be to get a phone based token so you are not reliant on a specific desktop and the flakiness of wine. Most phone platforms are supported.

Solution 2

Recent versions of Ubuntu offer the stoken package, a native open source SecurID implementation that includes a CLI, a GTK+ GUI, and a library API.

For more information see the project homepage.

Solution 3

Personally, I'm too lazy to pick up my phone, open the RSA app, enter my PIN, and then type it into the login page. I also don't like to deal with Wine. So, instead, I created a totally insane solution to this problem. I wrote a script that will SSH into a Windows machine, launch the RSA app, enter your PIN, copy the result, and put it in the clipboard of your local Linux machine. To do this you need a Windows machine that you can access via SSH with the RSA software installed. I used freesshd as the SSH server in Windows. You will also need AutoHotKey and PsExec.

Compile the following AHK script on the Windows machine (I put the resulting exe at C:\Program Files\RSA SecurID Software Token\rsa-securid.exe):

TokenName = %1%
Pin = %2%
Run, "C:\Program Files\RSA SecurID Software Token\SecurID.exe"
WinWait, %TokenName% - RSA SecurID Token, 
IfWinNotActive, %TokenName% - RSA SecurID Token, , WinActivate, %TokenName% - RSA SecurID Token, 
WinWaitActive, %TokenName% - RSA SecurID Token, 
Send, %Pin%
Sleep, 100
Send, {Enter}
Sleep, 100
Send, ^c
Passcode = %Clipboard%
Sleep, 100
Send, {AltDown}{F4}{AltUp}
ExitApp %Passcode%

Then use the following shell script on the Linux side:

NAME=<the rsa token name>
PIN=<your pin>
HOST=<windows host>
USER=<windows user>
PASSWORD=<windows password>
PASSCODE=$(ssh $HOST "cmd /c \"C:\Program Files (x86)\Sysinternals\PsExec.exe\" /accepteula \\\ -u $USER -p $PASSWORD -i $SESSION  C:\\PROGRA~1\\RSASEC~1\\rsa-securid.exe $NAME $PIN" | grep "error code" | sed "s/.*error code \([0-9]*\).*/\1/")
echo -n $PASSCODE | xclip -selection clipboard -in
notify-send --hint=int:transient:1 -i "rsa-securid.png" "Passcode: $PASSCODE"

When the script is done talking to the Windows machine, it will put the passcode in your clipboard and popup a little notification. So basically you push a button, wait a couple seconds, and voila you can paste the passcode.

Hope that helps.

Solution 4

I've made myself a script to generate the passcode from command line, so I don't have to deal with a windows app. It basically runs wine in the background, grabs the output and prints it to console.


Related videos on Youtube

Dan Tao
Author by

Dan Tao

Author of the blog The Philosopher Developer and the open source libraries lazy.js and nearest-color (among others), and cohost of the podcast Spaceflix. GitHub: dtao Twitter: @dan_tao SoundCloud: dantao I’m the Head of Engineering for Bitbucket Cloud. Previously I've worked at Google, Cardpool, and ThoughtWorks.

Updated on September 18, 2022


  • Dan Tao
    Dan Tao almost 2 years

    I have Windows, Mac, and Linux computers; but I am only able to connect to some of my company's websites through the Windows and Mac machines at the moment because they are the only ones with RSA SecurID software tokens. I'm curious: is it possible to set up a SecurID software token to work on a Linux system (in my case, Ubuntu)?

    • Admin
      Admin over 12 years
      Is tehre something else going on here? Some sort of single-sign-on system in addition to the tokens?
    • Admin
      Admin over 12 years
      @PriceChild: To be honest, I don't think I understand how RSA tokens work well enough to even get what you're asking. All I know is that typically, to access certain sites within my company I have to enter the string displayed by my software token into an input box. Then I can log in. Since I don't have such a token on my Linux machine, I view the websites as inaccessible. Perhaps that's grossly inaccurate; like I said, I don't really understand the whole system well enough to know.
  • Dan Tao
    Dan Tao over 12 years
    The phone-based solution was right in front of me the whole time and I was too stupid to notice!
  • Coder Guy
    Coder Guy over 7 years
    This is a very impressive product. It looks professional, easy to use, and incurs very little configuration or overhead. Working great for me, the Windows RSA SecurID is very heavy and goes way overboard with respect to the UI for such a simple tool. This extra complexity makes it extremely brittle and newer versions won't work.
  • Coder Guy
    Coder Guy over 7 years
    See the answer below regarding stoken, I've tried it and I am very impressed. As for Wine + RSA Software, I can't even get the newer versions to install or run without crashing and/or freezing (albeit I am using Wine staging 2.2). Only RSA SecurID v410 seems to work and it's very clunky at that.