LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   ssh key and yubikey (https://www.linuxquestions.org/questions/linux-security-4/ssh-key-and-yubikey-4175664111/)

wdatkinson 11-12-2019 10:53 AM
ssh key and yubikey
 
I have a cloud-based Debian 9 box that is currently authenticating by yubikey and password. My desire to is to replace the password with an ssh key. The end result would be upon an inbound connection, the yubikey would be inserted and the button pressed and viola, I'm in.

So far I'm able to get the box to auth with ssh keys or the password/yubikey option, but not the ssh-key/yubikey config.

There are several articles online that reference similar issues, but none of them seem to help. Most of them detail disabling PAM, but I need PAM to do the yubikey auth. I've tried various AuthenticationMethods in /etc/ssh/sshd_config as disabling common-auth in /etc/pam.d/sshd but no joy.

Anyone try this?

PECONET009 11-12-2019 12:02 PM
This might give you an idea on your issue.
 
Quote:
Originally Posted by wdatkinson (Post 6056825)
I have a cloud-based Debian 9 box that is currently authenticating by yubikey and password. My desire to is to replace the password with an ssh key. The end result would be upon an inbound connection, the yubikey would be inserted and the button pressed and viola, I'm in.

So far I'm able to get the box to auth with ssh keys or the password/yubikey option, but not the ssh-key/yubikey config.

There are several articles online that reference similar issues, but none of them seem to help. Most of them detail disabling PAM, but I need PAM to do the yubikey auth. I've tried various AuthenticationMethods in /etc/ssh/sshd_config as disabling common-auth in /etc/pam.d/sshd but no joy.

Anyone try this?
More here;
https://ocramius.github.io/blog/yubi...d-local-login/


All times are GMT -5. The time now is 05:33 PM.