| Yubico Forum https://forum.yubico.com/ |
|
| [Q] Yubi SSH login AND Yubi Local Log On Possible? https://forum.yubico.com/viewtopic.php?f=23&t=2470 |
Page 1 of 1 |
| Author: | MD500Pilot [ Fri Oct 28, 2016 3:41 pm ] |
| Post subject: | [Q] Yubi SSH login AND Yubi Local Log On Possible? |
OK, I think I might be losing my mind here a little bit. Hopefully, I can make this work, but I think I am too close to the problem at this point. I am trying to get Yubikey SSH and Yubikey local log on working together. Or more specifically working correctly together. Right now, I have the local log on working fantastic. It required my Yubikey anytime I want to login locally to the machine, or the screen saver kicks in, exactly how I would like it. Then I moved on to getting SSH working with the yubikey. Initially following the PAM/ssh instructions it would not work at all unless I inserted the Yubikey into the machine I wanted to ssh INTO as opposed to the machine I was sshing FROM. I thought that was very weird, but then I figured out that within the pam ssh config file it was calling @include common-auth and once I commented that out, I was able to use my yubikey as intended to ssh into the computer. Insert the yubikiy into the local machine that I am on, ssh into the machine I want to access, enter my password followed by pressing the button on the yubikey and I was in! I though I was a happy camper but when I attempt to sudo (or su for that matter) my passwords were failing. So back to the logs I went and found out that in order to su or sudo via ssh, the yubikey had to be reinserted into the computer I was sshing INTO again. I think that it has to do with how (or in what order) PAM is looking for passwords or auths, but I am not sure and one thing I have learned is that it is very easy to lock yourself out of a box by messing around with PAM. Has someone got this working and would you be willing to share how...? Many Thanks |
|
| Author: | MD500Pilot [ Wed May 17, 2017 4:31 am ] |
| Post subject: | Re: [Q] Yubi SSH login AND Yubi Local Log On Possible? |
HELP....anyone...anyone...? New machine, still trying to make this work.... Thanks |
|
| Author: | Sevo [ Fri May 19, 2017 7:38 pm ] |
| Post subject: | Re: [Q] Yubi SSH login AND Yubi Local Log On Possible? |
AND or OR? As far as I know, Yubikey local log on is indeed local - workarounds to plug the stick into the remote end by USB-over-VPN would not be entirely impossible, but are hardly practicable. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|