I just received my Yubikeys, and love them already! I was able to implement the brand new AuthenticationMethods option on OpenSSH 6.2 to allow publickey + keyboard-interactive (PAM -> Yubico OTP) and it works like a charm!!
I have got only one problem when I try to use my SFTP client (Cyberduck) where the public key authentication is working, then I got a popup telling me the partial authentication is done (which is a good news) but I tried lot of different combination with touching the Yubikey but the authentication failed on this second pop-up asking me username/password.
Activating the debug telling me that PAM and yubico modules try to interpret my user as the OTP key which is making the second step authentication failed... The problem is that I am not allow to put the OTP in place of my username and the pop-up required a password..
Any ideas? Thanks Belette
|