Yubico Forum
https://forum.yubico.com/

Yubico Authenticator app + OpenSSH
https://forum.yubico.com/viewtopic.php?f=26&t=2696
Page 1 of 1

Author:  cafebabe [ Fri Sep 01, 2017 11:17 pm ]
Post subject:  Yubico Authenticator app + OpenSSH

Hi,

I was wondering if it was possible to use the Yubikey NEO with the Yubico Authenticator app (NFC) to get two-factor authentication with OpenSSH (https://developers.yubico.com/yubico-pam/)?

I'm already using my Yubikey NEO to log on my OpenSSH server (in USB mode) but sometimes I don't have access to a computer/laptop and I would like to use my phone with some SSH client. I've implemented this scenario using the Google Authenticator app and their PAM module and it works great but I would like to leverage the NFC feature of my NEO for added security. But I can't figure out a way to do the same thing with the Yubico PAM module. With Google's solution it's very simple, all I have to do is call their script on the server side then I get a QR code that I scan using the mobile app and then I can log from anywhere using my username/password and the OTP that was generated by the app.

Is there a way to do that with the Yubico Authenticator app and the PAM module?

Thanks,

Christian

Author:  Morthawt [ Mon Oct 02, 2017 3:15 pm ]
Post subject:  Re: Yubico Authenticator app + OpenSSH

I am not sure if this is what you want, but yesterday I experimented and followed a relatively simple to follow tutorial to add TOTP code 2-factor to my linux VPS server's openSSH login, when I login through Putty on windows. It asks me for a verification code, I plug in my Yubikey, authenticate with my password to the Yubico Authenticator program on my desktop, then I double click my VPS entry and copy the code, paste it into putty and press enter, then enter my account's password and press enter and then I am logged in. Through the process of setting it up I had to maximize my putty window to see the whole QR code, although they do provide the secret in text form that you can manually enter into the authenticator app to add the credential. Here is the guide: https://www.digitalocean.com/community/ ... untu-16-04

I hope that helps you out.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/