Linux dial-up with a SecurID one-shot password device - Xubuntu and WVDIAL

The SecurID problem
Why not use one of the GUI PPP dialers?
Enter WVDIAL

The SecurID problem

Many companies, including my employer, use one-shot password devices for remote access. You dial-up the RAS number, enter your username and password, then a PPP session is established. The difficult bit is that your password is never the same. The SecurID device is a small keytag that shows a 6 digit number that changes every minute. In my case, a fixed personal PIN plus the number from the SecurID are added together to make the password. Getting that to work from a Linux client is a bit tricky, but here is how I got it working using WVDIAL

Why not use one of the GUI PPP dialers?

like KPPP or the Network tool in GNOME. The answer is that they expect a fixed password for each connection, and don't provide a terminal mode access so you can enter the one-shot password. (or if they do, I couldn't work out how 8-<).

I did experiment with Minicom, with the idea of dialing up using it, quitting without resetting the modem, then running pppd as root, but I could not even get Minicom to find the modem in the old Thinkpad A22m laptop I am using.

Enter WVDIAL

WVDIAL The laptop has Xubuntu as I have only 128MB RAM and my favourite distro Ubuntu 6.06 LTS is too big. WvDial is installed by default.

Here's what I do:-

1. open a terminal window and su - to become root

2. enter wvdialconf to configure WvDial. It does this auto-magically. Here is what I saw

Editing `/etc/wvdial.conf'.

Scanning your serial ports for a modem.

Modem Port Scan<*1>: Scanning ttyLTM0 first, /dev/modem is a link to it.
ttyLTM0<*1>: ATQ0 V1 E1 -- OK
ttyLTM0<*1>: ATQ0 V1 E1 Z -- OK
ttyLTM0<*1>: ATQ0 V1 E1 S0=0 -- OK
ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 -- OK
ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 -- OK
ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 -- OK
ttyLTM0<*1>: Modem Identifier: ATI -- LT V.92 Data+Fax Modem Version 8.31
ttyLTM0<*1>: Speed 4800: AT -- OK
ttyLTM0<*1>: Speed 9600: AT -- OK
ttyLTM0<*1>: Speed 19200: AT -- OK
ttyLTM0<*1>: Speed 38400: AT -- OK
ttyLTM0<*1>: Speed 57600: AT -- OK
ttyLTM0<*1>: Speed 115200: AT -- OK
ttyLTM0<*1>: Max speed is 115200; that should be safe.
ttyLTM0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 -- OK
ttyS0<*1>: ATQ0 V1 E1 -- failed with 2400 baud, next try: 9600 baud
ttyS0<*1>: ATQ0 V1 E1 -- failed with 9600 baud, next try: 115200 baud
ttyS0<*1>: ATQ0 V1 E1 -- and failed too at 115200, giving up.
Modem Port Scan<*1>: S1   S2   S3   S4   S5   S6   S7   S8   
Modem Port Scan<*1>: S9   S10  S11  S12  S13  S14  S15  S16  
Modem Port Scan<*1>: S17  S18  S19  S20  S21  S22  S23  S24  
Modem Port Scan<*1>: S25  S26  S27  S28  S29  S30  S31  S32  
Modem Port Scan<*1>: S33  S34  S35  S36  S37  S38  S39  S40  
Modem Port Scan<*1>: S41  S42  S43  S44  S45  S46  S47  

Found a modem on /dev/ttyLTM0, using link /dev/modem in config.
Modem configuration written to /etc/wvdial.conf.
ttyLTM0<Info>: Speed 115200; init "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"

3. edit the resulting /etc/wvdial.conf file.

I added my username, the phone number to dial, and commented out the password. Here's what it looks like

[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
; Password = xxxxxx
Phone = 0198123456
Modem Type = Analog Modem
Baud = 115200
New PPPD = yes
Modem = /dev/modem
ISDN = 0
Username = smbates
; Phone = <Target Phone Number>
; Password = <Your Password>
; Username = <Your Login Name>

4. type in the following command

root@snifftoo:/etc# wvdial password=ppppnnnnnn

where "pppp" is the personal PIN (if your company uses one) and "nnnnnn" is the 6 digit code on the SecurID.tag. NOTE wait till the number rolls over to a new one, this gives you a minute before the one-shot password expires. This is more that enough time to make the connection, at least for me 8-). Here are the results

--> WvDial: Internet dialer version 1.55
--> Initializing modem.
--> Sending: ATZ
ATZ
OK
--> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
OK
--> Modem initialized.
--> Sending: ATDT0198123456
--> Waiting for carrier.
ATDT0198123456
CONNECT 46666 V44
--> Carrier detected.  Waiting for prompt.
** Dial IP **
Username:
--> Looks like a login prompt.
--> Sending: smbates
smbates
Password:
--> Looks like a password prompt.
--> Sending: (password)
    Entering PPP Session.
    IP address is 10.214.139.51
    MTU is 1524.
--> Looks like a welcome message.
--> Starting pppd at Tue Sep  4 19:53:47 2007
--> Pid of pppd: 4726
--> Using interface ppp0
--> local  IP address 10.214.139.51
--> remote IP address 154.135.58.235
--> primary   DNS address 205.5.35.54
--> secondary DNS address 205.5.35.75

That's it! You can now telnet, ssh, ftp, web browse, etc.

Note - all the IP addresses above are dummies.

Home... Computers...

Last changed 4 September 2007 Contact me

This document was generated using AFT v5.096