RSA SecurID Token on GNU/Linux
If you have ended up on this page trying to search ways to get Cisco VPN SecurID software token working on GNU/Linux, i can safely assume you are extremely frustrated by now.
I have tried installing it atop Wine which in-spite of my best efforts didn’t work, so its not worth wasting your time with Windows version. On the RSA website i came across this J2ME version(the one thats supposed to work on java enabled mobile phones). I came across this project called MicroEmulator which emulates java enabled phone like environment and allows development and testing of J2ME applications. This is what it took me to get it working on GNU/Linux.
$ java -version
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) Server VM (build 16.3-b01, mixed mode)
$ wget ftp://ftp.rsa.com/pub/agents/j2me/JME23.zip
$ wget ftp://ftp.rsasecurity.com/pub/agents/TokenConverter.tar.gz
$ mkdir securId
$ unzip microemulator-2.0.4.zip -d securId/
$ unzip JME23.zip -d securId/
$ tar -C securId -zxvf TokenConverter.tar.gz
$ cd securId
$ cp some_directory/token_file.sdtid .
$ chmod +x TokenConverter
$ ./TokenConverter token_file.sdtid -p 'password_you_got_from_admin' -o num_out
$ split num_out -b 5
$ for i in `ls x*`; do echo -\> `cat $i`; done | nl > /tmp/17_parts
$ cat /tmp/17_parts # you want to refer this list when filling up numbers in the SecurID app
13 -> 32323
14 -> 43434
15 -> 54545
16 -> 67676
17 -> 0
$ java -cp microemulator-2.0.4/microemulator.jar:SecurID.jar org.microemu.app.Main com.rsa.swtoken.j2me.client.SecurID
This should bring up the emulator X window. Lets drive the process further using screenshots, as its GUI intensive hence harder to communicate and understand.
Image 1: Emulator launched with SecurID Token application
Image 2: Shows welcome screen after accepting license.
Image 3: Chooses a more comfortable layout from Options -> Select Device as default device.
Image 4: Chooses ‘Numeric Input’ over ‘Web Download'(which i couldn’t get to work).
Image 5: Shows screen prompting for Numeric Input.
Image 6: Shows screen Numeric Input prompt filled with numbers we captured in /tmp/17_parts.
Image 7: Shows the screen post entering Numeric Input (with password ‘password_you_got_from_admin’ populated)
Image 8: Finally, token added successfully.
Image 9: Prompts for pin (this was a 4 digit number in my case)
Image 10: Displays the 8 digit number you need to use as password to vpnc(or Cisco VPN Client/nm-applet vpnc plugin etc) to connect to vpn.
This pain and aggravation we just went through is one time only(what we just did was import the token, and we don’t need to do this every day). You will however need to type the ‘password_you_got_from_admin’ every time, in order to get it to prompt for the 4 digit pin. Quit the emulator at this point and relaunch it(using command $ java -cp…) to see what i mean.
Unlike every other post i wouldn’t end this one with “Happy VPNing” because i know VPNing can never make you happy(or at-least not if you are like me). However this should help make the procedure to connect to VPN shorter for you. In my case it reduced from “requesting Sweta(my wife) to launch the SecurID app on her laptop(which has OS X) and dictate me the number(which obviously wasn’t as easy when she was not around)” to invoking “java -cp …”.
Its funny that Proprietary software makers go this length to make life difficult for Free Software users(and we still get around it). In this case it so happens that RSA has SecurID app for Windows, OS X, Blackberry, Symbian(which doesn’t work BTW…) and J2ME platform but not for GNU/Linux or BSDs. They support all operating systems but the best!
I have tried this setup on my laptop which runs 32 bit Gentoo, but these steps should work on any other *nix flavor that has sun jvm installed. I tried the web-download method for adding token as well, but couldn’t get it to work and didn’t know what the problem was. Will post what i did for web-download as a comment on this page sometime soon(and hope someone helps us by hacking it and getting it to work). I don’t know about you, but keying-in the 17 sets of wierd numbers was the most painful part of this whole exercise for me.