Re: API key not working with ykclient in PAM

2015-10-27T09:27:02+01:00

it should look something like this, the API key is base 64 encoded don't have to touch it:

root@vendetta:/etc/pam.d# cat yubi-auth
auth sufficient pam_yubico.so id=123456 key=2bD7GmNwNmJv3mKKazuumqTdTrM= authfile=/etc/ssh/yubikey_mappings url=https://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s debug

Statistics: Posted by Tom2 — Tue Oct 27, 2015 9:27 am

API key not working with ykclient in PAM

2015-10-14T20:08:09+01:00

I'm having issues with trying to do SSH sessions with my Yubikey as a two factor authorization. When I use it without the key field for pam_yubico.so, it works fine. However, when I put the secret API key that I have generated for it, it fails with the server signature being invalid (BAD_SERVER_SIGNATURE) according to the debug log output.

I have a few questions: is the API key needed for this, and if so, for what? Additionally, if there are pluses and equals in my API key, should I convert that to a URL friendly format?

I'm also using this on Raspberry Pi 2 with Raspbian.

Here is the PAM line I use at the top of my pam.d/sshd file (key removed)

Code:

auth    required        pam_yubico.so id=25108 key=XXXXXXX authfile=/etc/yubi-map debug

Statistics: Posted by st33med — Wed Oct 14, 2015 8:08 pm

Yubico Forum

Re: API key not working with ykclient in PAM

API key not working with ykclient in PAM