OpenSSH and SecurID, still a good choice.
A long time ago, I wrote integration into the portable version of OpenSSH to allow direct authentication against an RSA ACE (SecurID) server. I've received many thanks over time for the work and I'm aware that it is used at some (very large) organizations. However, as with most security related things, people tend not to talk about what they do. As it is open source and no registration is required to download the patch, I think I might have underestimated the deployments.
Quite some time ago, Jim Matthews over at NASA took over maintenance of the patch. This sort of seamless transition of ownership is why I really love open source. Jim does a great job.
Since that patch's inception, it has been hosted on my old static projects page. That meant that James has to send me a copy to post every time a new version of the patch came out. How 1998. Anyway, since we went through all the effort of setting up open source hosting, how about I use it! The OpenSSH+SecurID integration effort has moved to labs! Get your one-time-password, two-factor security while it's hot!