Yubico Forum https://forum.yubico.com/ |
PAM issue with YubiCloud on CentOS 7 https://forum.yubico.com/viewtopic.php?f=3&t=2750 |
Author: | fedorz [ Wed Oct 11, 2017 5:14 pm ] |
Post subject: | PAM issue with YubiCloud on CentOS 7 |
Hi,

I am testing the OTP SSH PAM authentication against the public YubiCloud on CentOS 7 by running a VirtualBox CentOS 7 image. Once the tests are successful, the plan is to roll this out to our actual servers.

The issue I face is that the PAM module fails authenticating. The debug log shows:

Code:
    Oct 11 11:42:34 centos_test sshd[1324]: Server listening on 0.0.0.0 port 22.
    Oct 11 11:42:34 centos_test systemd: Started OpenSSH server daemon.
    Oct 11 11:42:34 centos_test polkitd[619]: Unregistered Authentication Agent for unix-process:1307:25035 (system bus name :1.21, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
    Oct 11 11:42:47 centos_test sshd[1326]: error: PAM: Authentication service cannot retrieve authentication info for my_user from 127.0.0.1
    Oct 11 11:42:48 centos_test sshd[1326]: Connection closed by 127.0.0.1 port 42490 [preauth]

I don't understand why it is trying 127.0.0.1.

My settings are the following:

/etc/pam.d/sshd:

Code:
    auth required pam_yubico.so id=myid key=mykey authfile=/etc/yubikey_mapping urllist=https://api.yubico.com/wsapi/2.0/verify debug

/etc/ssh/sshd_config:

Code:
    PasswordAuthentication no
    ChallengeResponseAuthentication yes

I can manually access the YubiCloud:

Code:
    wget -q -O - 'https://api.yubico.com/wsapi/2.0/verify?id=myid&nonce=asdmalksdmlkasmdlkasakmsdaasklmdlak&otp=dteffujehknhfjbrjnlnldnhcujbikngjrtgh'
    h=svSvQsBDOgm9FFyTXjqNXHJiU=
    t=2017-10-11T16:11:37Z0347
    status=BAD_OTP

Network settings:

Code:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 08:00:27:c6:0f:7d brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
           valid_lft 85120sec preferred_lft 85120sec

What looks odd to me in the debug logs is that it is seemingly trying to verify the authentication against 127.0.0.1.

Any idea what might be wrong?

Thanks |
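A manual `wget` check like the one in the post above returns a small key=value response; the sketch below is an added example (not part of the original post and not Yubico's code) that parses a wsapi 2.0 verify response of that shape and checks its `h` signature, its status, and the OTP/nonce echo. Function names and the sample key, OTP and nonce are constructed; the signing rule used (base64 HMAC-SHA1 over the alphabetically sorted key=value pairs joined with `&`, keyed with the base64-decoded API key) is the one from the Yubico validation protocol 2.0.

```python
import base64
import hashlib
import hmac

def parse_verify_response(body):
    """Parse the key=value lines of a wsapi 2.0 verify response into a dict."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.strip().partition("=")  # values may themselves end in '='
        if sep:
            fields[key] = value
    return fields

def sign(fields, api_key_b64):
    """Base64 HMAC-SHA1 over the sorted key=value pairs, excluding h itself."""
    message = "&".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "h")
    digest = hmac.new(base64.b64decode(api_key_b64), message.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def check_response(body, api_key_b64, sent_otp, sent_nonce):
    """Return (ok, reason); ok is True only for a correctly signed status=OK reply."""
    fields = parse_verify_response(body)
    if "h" not in fields or not hmac.compare_digest(fields["h"], sign(fields, api_key_b64)):
        return False, "bad or missing signature"
    status = fields.get("status", "")
    if status != "OK":
        return False, "status=" + status
    if fields.get("otp") != sent_otp or fields.get("nonce") != sent_nonce:
        return False, "otp/nonce mismatch"
    return True, "OK"

# Constructed sample values: not a real API key, OTP or nonce.
DEMO_KEY = base64.b64encode(b"constructed-demo-key").decode()
DEMO_OTP = "cccccccccccc" + "bdefghijklnrtuvc" * 2
DEMO_NONCE = "a1b2c3d4e5f6a7b8c9d0"

def demo_body(status, echo=True):
    """Build a constructed, correctly signed response body for offline testing."""
    fields = {"t": "2017-10-11T16:11:37Z0347", "status": status}
    if echo:
        fields.update(otp=DEMO_OTP, nonce=DEMO_NONCE)
    fields["h"] = sign(fields, DEMO_KEY)
    return "\r\n".join(f"{k}={v}" for k, v in fields.items())

if __name__ == "__main__":
    print(check_response(demo_body("OK"), DEMO_KEY, DEMO_OTP, DEMO_NONCE))
    print(check_response(demo_body("BAD_OTP", echo=False), DEMO_KEY, DEMO_OTP, DEMO_NONCE))
```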
Author: | mattlegitt [ Sat Oct 14, 2017 7:35 am ] |
Post subject: | Re: PAM issue with YubiCloud on CentOS 7 |
Hello fedorz,

Just to confirm, you visited (https://upgrade.yubico.com/getapikey/) to receive an id and API key to replace in the following line?

    auth required pam_yubico.so id="Replace with ID" key="replace with API Key" authfile=/etc/yubikey_mapping urllist=https://api.yubico.com/wsapi/2.0/verify debug

Best Regards,
Matthew
Yubico Support |
Author: | fedorz [ Sat Oct 14, 2017 1:33 pm ] |
Post subject: | Re: PAM issue with YubiCloud on CentOS 7 |
Yes, that is correct, that is where I got the id and key I am using. |
Author: | fedorz [ Tue Oct 31, 2017 2:01 pm ] |
Post subject: | Re: PAM issue with YubiCloud on CentOS 7 |
No response? |
All times are UTC + 1 hour |