Yubico Forum https://forum.yubico.com/

API key not working with ykclient in PAM https://forum.yubico.com/viewtopic.php?f=3&t=2060

Author: st33med [ Wed Oct 14, 2015 8:08 pm ]
Post subject: API key not working with ykclient in PAM

I'm having issues with trying to do SSH sessions with my Yubikey as a two factor authorization. When I use it without the key field for pam_yubico.so, it works fine. However, when I put the secret API key that I have generated for it, it fails with the server signature being invalid (BAD_SERVER_SIGNATURE) according to the debug log output.

I have a few questions: is the API key needed for this, and if so, for what? Additionally, if there are pluses and equals in my API key, should I convert that to a URL friendly format?

I'm also using this on Raspberry Pi 2 with Raspbian.

Here is the PAM line I use at the top of my pam.d/sshd file (key removed).

Code:
    auth required pam_yubico.so id=25108 key=XXXXXXX authfile=/etc/yubi-map debug

Author: Tom2 [ Tue Oct 27, 2015 9:27 am ]
Post subject: Re: API key not working with ykclient in PAM

It should look something like this. The API key is base64 encoded; you don't have to touch it:

    root@vendetta:/etc/pam.d# cat yubi-auth
    auth sufficient pam_yubico.so id=123456 key=2bD7GmNwNmJv3mKKazuumqTdTrM= authfile=/etc/ssh/yubikey_mappings url=https://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s debug
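
What the key is for, as an added example (written for this page, not by either poster and not ykclient's own code): under Yubico's validation protocol 2.0 the server signs each response with HMAC-SHA1 keyed by the base64-decoded API key, and a client that has been given a key checks the `h` field against its own calculation. The key, OTP, nonce and response body below are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def sign(params, api_key_b64):
    """HMAC-SHA1 over 'k=v' pairs sorted by key and joined with '&'."""
    key = base64.b64decode(api_key_b64)  # standard alphabet: '+', '/' and '=' are expected
    line = "&".join(f"{k}={params[k]}" for k in sorted(params))
    return base64.b64encode(hmac.new(key, line.encode(), hashlib.sha1).digest()).decode()

def parse_response(body):
    """Parse the line-based 'key=value' response body."""
    fields = {}
    for line in body.splitlines():
        if "=" in line:
            k, v = line.split("=", 1)  # split once: base64 values contain '='
            fields[k.strip()] = v.strip()
    return fields

def verify_response(body, api_key_b64):
    """True only if the 'h' field matches the HMAC computed with our key."""
    fields = parse_response(body)
    received = fields.pop("h", None)  # 'h' itself is not part of the signed line
    if received is None:
        return False
    return hmac.compare_digest(received, sign(fields, api_key_b64))

# Constructed sample data, not real credentials.
GOOD_KEY = base64.b64encode(b"\xfb" * 20).decode()   # contains '+', '/' and '='
OTHER_KEY = base64.b64encode(b"\x01" * 20).decode()  # key belonging to some other id

def build_sample_response(api_key_b64):
    """Stand-in for the server side: sign a constructed response."""
    fields = {
        "otp": "cccccccccccc" + "b" * 32,  # constructed 44-character OTP
        "nonce": "0123456789abcdef0123456789abcdef",
        "t": "2015-10-27T09:27:00Z0123",
        "status": "OK",
    }
    fields["h"] = sign(fields, api_key_b64)
    return "\r\n".join(f"{k}={v}" for k, v in fields.items()) + "\r\n"

SAMPLE_BODY = build_sample_response(GOOD_KEY)

if __name__ == "__main__":
    print("matching key:  ", verify_response(SAMPLE_BODY, GOOD_KEY))
    print("mismatched key:", verify_response(SAMPLE_BODY, OTHER_KEY))
```

A key that does not belong to the configured client id, or one that was altered before being decoded, fails this comparison even though the OTP itself is valid.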

All times are UTC + 1 hour