from the token-based-security dept.
has implemented SecurID authentication for the official portable release of OpenSSH in the form of a downloadable patch. SecurID® authentication is based on something you know (a password or PIN), and something you have (an authenticator) - providing a much more reliable level of user authentication than reusable password. His patch is made as challenge response authentication and firstname.lastname@example.org authentication (a non-standard solution provided in commercial implementations from F-Secure and SSH) with full privilege separation support. Vaclav says that you can find another (different) implementation and Theo's patch, which makes possible use of SecurID tokens in OpenSSH, but his solution is very simple one and implemented as a hack into password authentication."
The patch needs a bit more cleanup, but you can help by testing his patch (if you have the right hardware). This would be pretty neat, and allow for OpenSSH to be a more central role in some authentication systems.