PuTTY Challenge for PIN Needed
01-10-2019 11:01 AM
This is a follow-up to a post I made almost 3 years ago: PuTTY prompt for PIN
This topic has resurfaced (DOD systems). We are being requested to challenge the user for their PIN whenever they log into a server using PuTTY. This requirement is to bring the Linux systems in line with the way Windows RDP sessions are authenticated. Evidently, SSO does not satisfy this requirement.
Can this be implemented? It looks like the underlying framework is there. If it cannot we need to start looking for a solution elsewhere or modify the source code ourselves to take advantage of multiple smart card tokens.
01-11-2019 04:01 PM
At the moment Linux and Unix access via SSH does NOT provide remote access to the Smart Card, nor does SSH support PKI based authentication (something we are looking into adding, but it's not there today).
For PuTTY challenge with PIN, there is an open-source SSH client PuTTY-CAC for Windows which supports smartcard authentication, particularly using the US Department of Defense Common Access Card (DoD CAC) as a PKI token. Also, Centrify is looking to adapt this integration in our future release.