Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 3:02 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: SSH Yubikey Login
PostPosted: Fri Jul 25, 2008 12:08 pm 
Offline

Joined: Fri May 09, 2008 8:00 am
Posts: 9
Wondering if any one might be able to help...

I wrote this a while ago its all still true
Quote:
Use Yubikey for SSH login
http://code.google.com/p/yubico-pam/wiki/ReadMe
Comment by timm.tem, May 08, 2008
Follow exact same instructions but add
"auth sufficient pam_yubico.so id=16 debug" to
/etc/pam.d/ssh at the top!! and the edit /etc/ssh/sshd_config
and make sure that...
ChallengeResponseAuthentication? yes
UsePAM yes
Not required but good pratice
PermitRootLogin? no


but this will alow any Yubikey to log on to my box but from the comment below

Quote:
Comment by TrinitronX, Jun 02, 2008
I think this should work just like key authentication in ssh. You simply add the user's unique yubikey ID (first 12 chars) to an authorized_yubikeys file within the user's ~/.ssh directory.

Comment by goo...@brianjohnson.cc, Jun 09, 2008
I second that. It's a proven solution.


I have added a ~/.ssh/authorized_yubikeys file with only on yubikey ID in it it is owned by the user and readable by everyone

Code:
timm@debian-server:~/.ssh$ ls -l
total 4
-rw-r--r-- 1 timm timm 15 2008-07-25 06:56 authorized_yubikeys
timm@debian-server:~/.ssh$


I have added AuthorizedKeysFile %h/.ssh/authorized_yubikeys to my /etc/ssh/sshd_config

Code:
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys
AuthorizedKeysFile     %h/.ssh/authorized_yubikeys


I am really now stuck to any help would be greatfully accepted thank you in advance.

Tim


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: SSH Yubikey Login
PostPosted: Thu Jul 31, 2008 2:29 am 
Offline
User avatar

Joined: Wed May 07, 2008 5:25 pm
Posts: 110
Location: Sunnyvale, California
Ralf has made SSH + Yubikey login to work for him and will use Yubikey in his course. He will be back from a trip next week and he agrees to share his experience.

Cheers :geek:

_________________
The YubiKey Server Guy


Top
 Profile  
Reply with quote  
 Post subject: Re: SSH Yubikey Login
PostPosted: Sat Aug 09, 2008 9:30 pm 
Offline

Joined: Fri May 09, 2008 8:00 am
Posts: 9
paul wrote:
Ralf has made SSH + Yubikey login to work for him and will use Yubikey in his course. He will be back from a trip next week and he agrees to share his experience.

Cheers :geek:


Thank you this is much appriciated

Tim


Top
 Profile  
Reply with quote  
 Post subject: Re: SSH Yubikey Login
PostPosted: Wed Apr 29, 2009 2:41 pm 
Offline

Joined: Wed Apr 29, 2009 2:16 pm
Posts: 1
Is there any way to integrate OTP with public key authentication to allow the use of ssh-agent? It would be great to be able to run multiple ssh sessions and not have to enter passwords/otp multiple times.


Top
 Profile  
Reply with quote  
 Post subject: Re: SSH Yubikey Login
PostPosted: Thu Apr 30, 2009 7:21 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
As of now, YubiKey OTP can not be used for public key authentication to allow the use of ssh-agent.
Any effort or experience sharing of developing such a functionality would be highly appreciated!


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group