Using SFTP (SSH) with Radius/RSA SecurID

(Two-factor authentication available in EFT Server Enterprise) Authenticating with RADIUS/RSA SecurID can be a multi-step process on your first login, as you establish your PIN. The server can request additional information from the user or device, such as a secondary password. The secondary password prompt can cause problems with SFTP clients who may not allow multiple prompts.

For example, in the screenshot:

  • The first login is a successful login for the user khy (the PIN had already been setup elsewhere).

  • The second login attempt by khy is made after the administrator forces PIN setup on the next login (done through the RADIUS/RSA configuration console elsewhere, not in EFT Server).

To successfully complete the PIN change with OpenSSH SFTP client, you have to specify the option:


This option allows multiple password prompts up to the number (N) that you specify.

Refer to the OpenSSH man pages for more information:

Related Topics