Install a standard server install of Debian lenny
Code:
apt-get update
apt-get upgrade
apt-get install build-essential autoconf automake libtool libpam-dev subversion libcurl4-gnutls-dev
Code:
mkdir yubikey
Code:
cd yubikey
Code:
wget http://yubico-c.googlecode.com/files/libyubikey-1.1.tar.gz
tar zxvf libyubikey-1.1.tar.gz
cd libyubikey-1.1
./configure
make
make check
make install
Code:
cd ..
Code:
wget http://yubico-c-client.googlecode.com/files/libyubikey-client-1.4.tar.gz
tar zxvf libyubikey-client-1.4.tar.gz
cd libyubikey-client-1.4
autoreconf -fvi
./configure
make check
make install
Code:
cd ..
Code:
svn checkout http://yubico-pam.googlecode.com/svn/trunk/ yubico-pam-svn
cd yubico-pam-svn
autoreconf --install
./configure
make clean
make check install
OR
Code:
tar zxvf pam_yubico-1.8.tar.gz
cd pam_yubico-1.8
./configure
make check install
I chose the SVN route
Code:
cd ..
Code:
pico /etc/pam.d/sshd (This is my whole file)
# PAM configuration for the Secure Shell service
## YubiKey Config
# Administrative Level
auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug
#OR
# User Level
# auth required pam_yubico.so id=16 debug
# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth required pam_env.so envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so
# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so
# Standard Un*x authorization.
@include common-account
# Standard Un*x session setup and teardown.
@include common-session
# Print the message of the day upon successful login.
session optional pam_motd.so # [1]
# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # [1]
# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so
# Set up SELinux capabilities (need modified pam)
# session required pam_selinux.so multiple
# Standard Un*x password updating.
@include common-password
Code:
pico /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
UsePAM yes
Not required but good practice
PermitRootLogin no
Code:
pico /etc/yubikeyid
timm:nktcdenuukhc:hgfujcchbnjg
pico /home/timm/.yubico/authorized_yubikeys
timm:nktcdenuukhc:hgfujcchbnjg
I rebooted to be sure that everything loaded, but this is probably overkill.
I used putty to ssh to my Yubikey test box
Password: (enter 'password' and touch the hgfujcchbnjg yubikey)
And no matter if I try the admin or user level, it will never log in. If I comment out the Yubikey line, ssh login works fine. If someone can point me in the right direction that would be great.
Thank you in advance
Tim
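The mapping files in the post pair a login name with YubiKey token IDs. As an added example (not part of the original post and not pam_yubico's own code), the script below checks that every entry in such a file is well formed and that a given OTP's prefix is mapped to the expected user. It assumes the `user:id[:id...]` layout shown in the post, 12-character modhex token IDs, and a 44-character OTP whose first 12 characters are the token ID; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks for a pam_yubico mapping file.
# Assumed layout: "user:id[:id...]", each id being 12 modhex characters;
# an OTP is assumed to be that id followed by 32 more modhex characters.

# is_token_id STRING: succeeds if STRING is exactly 12 modhex characters.
is_token_id() {
    [ "${#1}" -eq 12 ] || return 1
    case "$1" in *[!cbdefghijklnrtuv]*) return 1 ;; esac
}

# otp_public_id OTP: prints the 12-character token id at the front of an OTP.
otp_public_id() {
    [ "${#1}" -eq 44 ] || return 1
    case "$1" in *[!cbdefghijklnrtuv]*) return 1 ;; esac
    printf '%s\n' "$1" | cut -c1-12
}

# check_authfile FILE: prints one line per malformed entry; fails if any.
check_authfile() {
    problems=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [ -n "$line" ] || continue
        user=${line%%:*} ids=${line#*:}
        if [ "$user" = "$line" ] || [ -z "$user" ]; then
            echo "line $lineno: expected user:id[:id...]"
            problems=$((problems + 1)); continue
        fi
        old_ifs=$IFS; IFS=:
        for id in $ids; do
            is_token_id "$id" && continue
            echo "line $lineno: bad token id '$id' for $user"
            problems=$((problems + 1))
        done
        IFS=$old_ifs
    done < "$1"
    [ "$problems" -eq 0 ]
}

# user_has_token FILE USER OTP: succeeds if the OTP's id is mapped to USER.
user_has_token() {
    id=$(otp_public_id "$3") || return 2
    grep -Eq "^$2:(.*:)?$id(:.*)?\$" "$1"
}
```

Run `check_authfile /etc/yubikeyid` as root, and pass a freshly generated OTP to `user_has_token` to confirm that the key being touched is the one listed for the account.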