I am trying to get Yubikey SSH and Yubikey local log on working together. Or more specifically working correctly together.
Right now, I have the local log on working fantastic. It required my Yubikey anytime I want to login locally to the machine, or the screen saver kicks in, exactly how I would like it.
Then I moved on to getting SSH working with the yubikey. Initially following the PAM/ssh instructions it would not work at all unless I inserted the Yubikey into the machine I wanted to ssh INTO as opposed to the machine I was sshing FROM. I thought that was very weird, but then I figured out that within the pam ssh config file it was calling @include common-auth and once I commented that out, I was able to use my yubikey as intended to ssh into the computer. Insert the yubikiy into the local machine that I am on, ssh into the machine I want to access, enter my password followed by pressing the button on the yubikey and I was in!
I though I was a happy camper but when I attempt to sudo (or su for that matter) my passwords were failing. So back to the logs I went and found out that in order to su or sudo via ssh, the yubikey had to be reinserted into the computer I was sshing INTO again.
I think that it has to do with how (or in what order) PAM is looking for passwords or auths, but I am not sure and one thing I have learned is that it is very easy to lock yourself out of a box by messing around with PAM.
Has someone got this working and would you be willing to share how...?
Many ThanksStatistics: Posted by MD500Pilot — Fri Oct 28, 2016 3:41 pm
]]>