Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:36 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Fri Oct 28, 2016 3:41 pm 
Offline

Joined: Fri Oct 28, 2016 2:12 pm
Posts: 2
OK, I think I might be losing my mind here a little bit. Hopefully, I can make this work, but I think I am too close to the problem at this point.

I am trying to get Yubikey SSH and Yubikey local log on working together. Or more specifically working correctly together.

Right now, I have the local log on working fantastic. It required my Yubikey anytime I want to login locally to the machine, or the screen saver kicks in, exactly how I would like it.

Then I moved on to getting SSH working with the yubikey. Initially following the PAM/ssh instructions it would not work at all unless I inserted the Yubikey into the machine I wanted to ssh INTO as opposed to the machine I was sshing FROM. I thought that was very weird, but then I figured out that within the pam ssh config file it was calling @include common-auth and once I commented that out, I was able to use my yubikey as intended to ssh into the computer. Insert the yubikiy into the local machine that I am on, ssh into the machine I want to access, enter my password followed by pressing the button on the yubikey and I was in!

I though I was a happy camper but when I attempt to sudo (or su for that matter) my passwords were failing. So back to the logs I went and found out that in order to su or sudo via ssh, the yubikey had to be reinserted into the computer I was sshing INTO again.

I think that it has to do with how (or in what order) PAM is looking for passwords or auths, but I am not sure and one thing I have learned is that it is very easy to lock yourself out of a box by messing around with PAM.

Has someone got this working and would you be willing to share how...?

Many Thanks


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed May 17, 2017 4:31 am 
Offline

Joined: Fri Oct 28, 2016 2:12 pm
Posts: 2
HELP....anyone...anyone...?

New machine, still trying to make this work....

Thanks


Top
 Profile  
Reply with quote  
PostPosted: Fri May 19, 2017 7:38 pm 
Offline

Joined: Wed Mar 15, 2017 9:15 am
Posts: 9
AND or OR? As far as I know, Yubikey local log on is indeed local - workarounds to plug the stick into the remote end by USB-over-VPN would not be entirely impossible, but are hardly practicable.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group