RSA Product Set: SecurID
RSA Product/Service Type: MFA Agent 9.0 for PAM
RSA Version/Condition: 8.x

According to the RSA MFA Agent for PAM Platform Support Matrix, the MFA Agent 9.0 for PAM Agent is supported on RHEL 9.x, but the guide does not call out the fact that there is a file called 50-redhat.conf in /etc/ssh/sshd_config.d that will overwrite values that you try to put into /etc/ssh/sshd_config.

Steps to correct the issue:

1. Login as root and navigate to /etc/ssh/ 

cd /etc/ssh

2. Make a backup of the sshd_config file

cp sshd_config sshd_config.orig

3. Make a backup of 50-redhat.conf

cp ssh_config.d/50-redhat.conf ssh_config.d/50-redhat.conf.orig

4. Open the new ssh_config.d/50-redhat.conf in vi or vim.
5. Find the line containing ChallengeResponseAuthentication and set it to yes:

ChallengeResponseAuthentication yes

6. Save the file using [Esc]:wq!
7. Open sshd_config in vi or vim.
8. Find the line containing ChallengeResponseAuthentication and set it to yes:

ChallengeResponseAuthentication yes

9. Save the file using [Esc]:wq!
10. Restart the ssh daemon.
11. The rest of the config guide is correct as written.