Yubico Forum ...visit our web-store at 2017-09-26T05:48:09+01:00 https://forum.yubico.com/feed.php?f=35&t=2691 2017-09-26T05:48:09+01:00 2017-09-26T05:48:09+01:00 https://forum.yubico.com/viewtopic.php?t=2691&p=9773#p9773 <![CDATA[Re: [Question]Self hosted validation server]]>
After installing a personalization tool in windows,personalize my slot2, then input it in the ykksm database. I was able to test via wget on the localhost. Also test connection via ykclient and I get a SUCCESS OTP

Then I configure a VE container, setup pam.d and ssh for two step authentication, and test loging in via ssh, and I was able to login, logs from ykksm server also logs this

Quote:

Sep 26 00:36:02 auth-ksm ykksm[2090]: SUCCESS OTP myyubikeykeys PT myrandomlogs OK counter=0001 low=d301 high=b8 use=0b


If I got free time, will write a doc on what steps I made to make this self hosted validation server, and will share it here
Thank you

valgenova

Statistics: Posted by valgenova — Tue Sep 26, 2017 5:48 am

]]> 2017-09-25T08:41:14+01:00 2017-09-25T08:41:14+01:00 https://forum.yubico.com/viewtopic.php?t=2691&p=9770#p9770 <![CDATA[Re: [Question]Self hosted validation server]]>
Just a question, if I want to host a self validation server, do I really need to personalize my yubikey, or use the ykpersonalize tool. I tested my yubikey using dropbox, and the yubikey works fine, also I tried the pam.d login
my yubikey using the api.yubico.com to validate or verify also works fine, im trying to configure a self-hosted validation server and I'm getting this error.

Quote:

Sep 19 23:24:48 auth-ksm ykksm[3533]: UID error: myyubicootpjtgtbtirtuhfchrhulentjbdhglulhdn f56e9c3d8737839e9b850b7394bb50d9: f56e9c3d8737 vs d3f0fc27cd93


The only step I did not do is to personalize the yubikey
Again my question is, do I have to personalize my yubikey in order for my ykksm to work?

Thank you in advance

valgenova

Statistics: Posted by valgenova — Mon Sep 25, 2017 8:41 am

]]> 2017-09-20T05:19:33+01:00 2017-09-20T05:19:33+01:00 https://forum.yubico.com/viewtopic.php?t=2691&p=9758#p9758 <![CDATA[Re: [Question]Self hosted validation server]]>
Searching the net around to fix the mcrypt error
Quote:

PHP Fatal error: Call to undefined function mcrypt_module_open() in /usr/share/yubikey-ksm/ykksm-utils.php on line 48


I have enabled the php5-mcrypt by editing the /etc/php5/apache2/php.ini add the line extension=mcrypt.so, then restart apache2.

Then test the ykksm server again via

Quote:

curl 'http://localhost/wsapi/decrypt?otp=myyubicootpjtgtbtirtuhfchrhulentjbdhglulhdn' -v

Then got this response
ERR Corrupt OTP
which the ykksm docs is the correct response, and the logs are
Quote:

Sep 19 23:24:48 auth-ksm ykksm[3533]: UID error: myyubicootpjtgtbtirtuhfchrhulentjbdhglulhdn f56e9c3d8737839e9b850b7394bb50d9: f56e9c3d8737 vs d3f0fc27cd93


What I need to do now is troubleshoot the ykval server, when I run
Quote:

wget -q -O - 'http://localhost/wsapi/2.0/verify?id=1&nonce=asdmalksdmlkasmdlkasmdlakmsdaasklmdlak&otp=dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh'


I should get a status=NO_SUCH_CLIENT, im getting status=BAD_OTP, I have already generated some clients on the database

Thanks in advance

valgenova

Statistics: Posted by valgenova — Wed Sep 20, 2017 5:19 am

]]> 2017-09-19T07:56:38+01:00 2017-09-19T07:56:38+01:00 https://forum.yubico.com/viewtopic.php?t=2691&p=9755#p9755 <![CDATA[Re: [Question]Self hosted validation server]]>
Still troubleshooting the problem, to add for the troubleshooting

When I run this command on the ykksm server to test
wget -O - 'http://localhost/wsapi/decrypt?otp=mykeyfkgknthctdkdkrleficdrlhvlbjlgter'

error on the /var/log/apache2/ykksm-error.log
[Tue Sep 19 02:53:15.328215 2017] [:error] [pid 1465] [client 127.0.0.1:56256] PHP Fatal error: Call to undefined function mcrypt_module_open() in /usr/share/yubikey-ksm/ykksm-utils.php on line 48

I have php5-mcrypt installed.

Thank you in advance.

valgenova

Statistics: Posted by valgenova — Tue Sep 19, 2017 7:56 am

]]> 2017-08-23T05:19:58+01:00 2017-08-23T05:19:58+01:00 https://forum.yubico.com/viewtopic.php?t=2691&p=9713#p9713 <![CDATA[[Question]Self hosted validation server]]>
Im trying to setup a self hosted validation server or yubikey-val and yubikey-ksm, both server are
separated, I have followed the steps in this url https://developers.yubico.com/yubikey-v ... ation.html,
as well as https://developers.yubico.com/yubikey-ksm/ I have also installed ykclient on a separate server
to test, verify and decrypt my servers.

I have generated the client keys and put in the yubikey-val server mysql with database of ykval.

When I try to test using the ykclient and verify or
ykclient --url "http://10.1.11.6/wsapi/2.0/verify" --apikey my_apikey= 2 my_otpkey --debug
Verification output (1): Yubikey OTP was bad (BAD_OTP)

My questions are:
1. trying to search the net for any documentation about this self hosted server, with separated server for both ykval and ykksm, if there is, can you point me to that url?
2. there is a setting in yubikey-val ykval-config.php
"http://127.0.0.1:80/wsapi/decrypt?otp=$otp"

do I need to change this 127.0.0.1 to the ip address of my ykksm server?
3. is there any other config I need to edit for this self-hosted separated validation server and ykksm server
to work?

Thank you in advance.
valgenova

Statistics: Posted by valgenova — Wed Aug 23, 2017 5:19 am

]]>