Yubico Forum


All times are UTC + 1 hour




Posted: Tue May 15, 2012 12:20 pm

Joined: Tue May 15, 2012 12:13 pm
Posts: 1
I live and breathe by my Yubikey, and now I can add the same level of security to my desktop as I do with my Lastpass.

There is a slight hiccough, though: with the state of the Yubikey Windows Login Administration, there is no remote support from the remote PC.

I would like to use RDP to connect to my remote computer, but my remote computer doesn't recognize the local yubikey.



Posted: Fri Jun 22, 2012 9:22 am

Joined: Fri Jun 22, 2012 9:06 am
Posts: 1
:cry: I was just making my way to use the Yubico way of logging into a workstation. We use RDP (MSTSC) a lot for remote work. So the Yubikey isn't used with the USB Keyboard device way.

Currently we use http://www.rohos.com/support/knowledge-base/windows-logon-with-yubikey/ which does work with Yubikey. It's paid software :(

Should it be able to use Yubikey with challenge response in the future? When starting RDP, the 'default' for smartcards is always enabled? Perhaps the Yubikey should present itself as a USB SmartCard, so the RDP client can pass through the Challenge Response over this SmartCard way of doing things.

Regards Onedutch


Posted: Mon Oct 29, 2012 7:48 pm

Joined: Fri Jun 20, 2008 2:59 am
Posts: 84
Challenge-response mode over RDP can never work, at least not without very major changes to yubikey or by using different client-side RDP software. Smart cards work extremely differently than yubikey OTP or C/R mode, in terms of cryptography and also interface. There's no way to make a yubikey "look like" a smart card.

Even if one day some yubico product might support public key crypto, it would essentially have to *be* a smart card, in every true sense, in order to authenticate this way using default RDP software.

The alternative if you need remote logon working is simply to use OTP mode instead of C/R mode. All the other logon solutions for yubikey support this mode. Yubico's stance (correct) is that this leads to less endpoint security since the shared secret must be stored on the workstation. But if you encrypt your drive this is somewhat mitigated.

Also in terms of security, the yubico windows logon software has a very long way to go in terms of security best practices. Right now the software is making a lot of rookie security mistakes. But I'm sure over time it will improve, as free solutions do, slowly.
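
The trade-off discussed in this thread, as an added example that is not part of any of the posts and is not Yubico's code: in OTP mode the token's output is typed text that RDP forwards, but the verifying host must keep the shared secret, while in C/R mode the host can keep only a challenge and a hash of the answer but has to reach the device itself. It assumes OATH-HOTP (RFC 4226) as the OTP flavour, HMAC-SHA1 for C/R, and a store-the-next-challenge scheme on the host; `Token`, `OtpHost` and `CrHost` are hypothetical names.

```python
import hashlib, hmac, os, struct
# Added example. Assumptions: HOTP as the OTP mode, HMAC-SHA1 as the C/R mode.

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the string an OTP-mode token emits as keystrokes."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Token:
    """Simulated token holding the secret (constructed, not a real device)."""
    def __init__(self, key: bytes):
        self._key, self._counter = key, 0
    def type_otp(self) -> str:                     # plain text: crosses RDP as keystrokes
        code = hotp(self._key, self._counter)
        self._counter += 1
        return code
    def respond(self, challenge: bytes) -> bytes:  # needs a USB call from the verifying host
        return hmac.new(self._key, challenge, hashlib.sha1).digest()

class OtpHost:
    """OTP mode: the workstation has to store the shared secret itself."""
    def __init__(self, key: bytes):
        self.disk = {"key": key, "counter": 0}
    def verify(self, typed: str, window: int = 3) -> bool:
        for c in range(self.disk["counter"], self.disk["counter"] + window):
            if hmac.compare_digest(hotp(self.disk["key"], c), typed):
                self.disk["counter"] = c + 1       # moving the counter rejects replays
                return True
        return False

class CrHost:
    """C/R mode: the workstation stores a challenge and a hash of the answer."""
    def __init__(self, token: Token):
        self.disk = {}
        self._enroll(token)
    def _enroll(self, token: Token) -> None:
        ch = os.urandom(32)
        self.disk = {"challenge": ch,
                     "expected": hashlib.sha256(token.respond(ch)).digest()}
    def verify(self, token) -> bool:
        if token is None:                          # RDP case: device is on the client side
            return False
        got = hashlib.sha256(token.respond(self.disk["challenge"])).digest()
        if not hmac.compare_digest(got, self.disk["expected"]):
            return False
        self._enroll(token)                        # rotate so a captured answer cannot be reused
        return True
```

Comparing `OtpHost.disk` with `CrHost.disk` shows what a stolen, unencrypted drive would expose in each mode.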

