Yubico Forum

View unanswered posts | View active topics

Board index » Yubico Software » Web Service Client Software

All times are UTC + 1 hour

PAM issue with YubiCloud on CentOS 7

Page 1 of 1

[ 4 posts ]

Print view

Previous topic | Next topic

Author

Message

fedorz

Post subject: PAM issue with YubiCloud on CentOS 7

Posted: Wed Oct 11, 2017 5:14 pm

Joined: Wed Oct 11, 2017 4:59 pm
Posts: 3

Hi,

I am testing the OTP SSH PAM authentication against the public YubiCloud on CentOS 7 by running a VirtualBox CentOS 7 image.
Once the tests are successful, the plan is to roll this out to our actual servers.

The issue I face that the PAM module fails authenticating, the debug log shows:

Code:

Oct 11 11:42:34 centos_test sshd[1324]: Server listening on 0.0.0.0 port 22.
Oct 11 11:42:34 centos_test systemd: Started OpenSSH server daemon.
Oct 11 11:42:34 centos_test polkitd[619]: Unregistered Authentication Agent for unix-process:1307:25035 (system bus name :1.21, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Oct 11 11:42:47 centos_test sshd[1326]: error: PAM: [color=#0000FF]Authentication service cannot retrieve authentication info for my_user from 127.0.0.1[/color]
Oct 11 11:42:48 centos_test sshd[1326]: Connection closed by 127.0.0.1 port 42490 [preauth]

I don't understand why is it trying 127.0.0.1?

My settings are the following:

/etc/pam.d/sshd:

Code:

  auth required pam_yubico.so id=myid key=mykey authfile=/etc/yubikey_mapping urllist=https://api.yubico.com/wsapi/2.0/verify debug

/etc/ssh/sshd_config:

Code:

  PasswordAuthentication no
  ChallengeResponseAuthentication yes

I can manually access the YubiCloud:

Code:

wget -q -O - 'https://api.yubico.com/wsapi/2.0/verify?id=myid&nonce=asdmalksdmlkasmdlkasakmsdaasklmdlak&otp=dteffujehknhfjbrjnlnldnhcujbikngjrtgh'
h=svSvQsBDOgm9FFyTXjqNXHJiU=
t=2017-10-11T16:11:37Z0347
status=BAD_OTP

Network settings:

Code:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:c6:0f:7d brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
       valid_lft 85120sec preferred_lft 85120sec

What looks odd to me in the debug logs, that is seemingly trying to verify the authentication against 127.0.0.1.

Any idea what might be wrong?

Thanks

Top

Share On:
	Facebook		Twitter		Tumblr		Google+

mattlegitt

Post subject: Re: PAM issue with YubiCloud on CentOS 7

Posted: Sat Oct 14, 2017 7:35 am

Yubico Moderator

Joined: Tue Jan 05, 2016 5:03 pm
Posts: 27

Hello fedorz,

Just to confirm you visited (https://upgrade.yubico.com/getapikey/) to receive a id and api key to replace in the following line?
auth required pam_yubico.so id="Replace with ID" key="replace with API Key" authfile=/etc/yubikey_mapping urllist=https://api.yubico.com/wsapi/2.0/verify debug

Best Regards,
Matthew
Yubico Support

Top

fedorz

Post subject: Re: PAM issue with YubiCloud on CentOS 7

Posted: Sat Oct 14, 2017 1:33 pm

Joined: Wed Oct 11, 2017 4:59 pm
Posts: 3

Yes, that is correct, that is where I got the id and key I am using.

Top

fedorz

Post subject: Re: PAM issue with YubiCloud on CentOS 7

Posted: Tue Oct 31, 2017 2:01 pm

Joined: Wed Oct 11, 2017 4:59 pm
Posts: 3

No response?

Top

Page 1 of 1

[ 4 posts ]

Board index » Yubico Software » Web Service Client Software

All times are UTC + 1 hour

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

PAM issue with YubiCloud on CentOS 7

Share On:

Who is online