Yubico Forum


All times are UTC + 1 hour




Posted: Thu Mar 24, 2011 4:54 pm

Joined: Mon Mar 07, 2011 11:58 pm
Posts: 2
Hi

Wondering if maybe somebody has already done it and could share how it was done?

I'm looking for a setup where SSH allows login using ssh keys without using the Yubikey, but if the user doesn't do key-auth then (s)he is asked for password+OTP. This is for situations where a user sitting at his own workstation can ssh in without any issues, but if he's on the road and connects from an untrusted machine (doesn't have his ssh key with him), then OTP is required.

Any ideas/advice welcome :)

TQM


Posted: Thu Mar 24, 2011 11:53 pm

Joined: Mon Mar 07, 2011 11:58 pm
Posts: 2
I think I've sorted it out - one thing I didn't realize was that SSH doesn't use PAM if you do key-based auth... in the default setup key auth is first, then the interactive password prompt, and that's exactly where PAM comes into play.

As usual the answer is "RTFM and if you still don't get it, go RTFM even more" :D

Now I'll try to do even more... add a backup (disconnected mode) to have three entry options:
1. SSH with key auth (works for both on/off-line systems)
2. SSH with password and OTP (for on-line systems, testing against Yubico cloud)
3. SSH with password and OTP (for off-line systems, using http://www.securixlive.com/yubipam)

Chances that I'll be at the machine and won't have my ssh key are rather very very slim, but better be safe than sorry :) and setting it up looks like good fun :D

Comments/ideas welcome!
TQM
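
An added check, not part of the original posts: a POSIX shell script that reads an sshd_config and reports whether key auth is open and whether the fallback prompt actually runs through PAM, which is where an OTP module would sit. The function names, the constructed sample config and the simplified parsing (whitespace-separated keywords, global section only) are assumptions of this example; it does not read the PAM stack itself.

```shell
#!/bin/sh
# effective_value KEYWORD DEFAULT FILE
# sshd keeps the first value it reads for a keyword (case-insensitive).
# Parsing stops at the first Match block, so overrides are not evaluated.
effective_value() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

# login_paths FILE
# Prints "key=<open|closed> fallback=<pam|password-only|closed>".
# Defaults below are upstream OpenSSH defaults; distributions may differ.
login_paths() {
    pubkey=$(effective_value PubkeyAuthentication yes "$1")
    usepam=$(effective_value UsePAM no "$1")
    # Named KbdInteractiveAuthentication in newer OpenSSH releases.
    kbdint=$(effective_value ChallengeResponseAuthentication yes "$1")
    passwd=$(effective_value PasswordAuthentication yes "$1")

    key=closed
    if [ "$pubkey" = yes ]; then key=open; fi

    fallback=closed
    if [ "$usepam" = yes ]; then
        # Both prompt types run the PAM auth stack, where the OTP module lives.
        if [ "$kbdint" = yes ] || [ "$passwd" = yes ]; then fallback=pam; fi
    elif [ "$passwd" = yes ]; then
        # Password is checked without PAM, so an OTP module is never consulted.
        fallback=password-only
    fi
    echo "key=$key fallback=$fallback"
}

# Constructed sample (not from the thread): key auth plus a PAM-backed prompt.
write_sample() {
    printf '%s\n' '# constructed sample' 'PubkeyAuthentication yes' \
        'UsePAM yes' 'ChallengeResponseAuthentication yes' \
        'PasswordAuthentication no' > "$1"
}

# Demo: audit the file given as $1, or the constructed sample.
cfg=${1:-$(mktemp)}
[ "$#" -gt 0 ] || write_sample "$cfg"
login_paths "$cfg"
[ "$#" -gt 0 ] || rm -f "$cfg"
```

A result of `fallback=password-only` means a user without a key gets in on the password alone, so any OTP requirement configured in PAM would not be enforced.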

