Yubico. The entreprise implementation.



So, I did play with the Yubi key for a while now and I think this is the time to bring it on to the next level.

I will try to implement the solution to SSH login on 25% of our Linux boxes. I will try to finish that ASAP and will let you know the user’s feed back. Now, let’s place order at http://yubico.com for a bunch of keys… And the nano one for me… ūüėČ


Will keep you posted.

P.S : I’m also thinking to use the Yubico radius server for our VPN connectivity. May be… Will see if I have time for that.



1H20 for 25 Km with my bike this morning to go to work.

Front wind, big bridge and dangerous city street…


Not a bad time for the first year run…

Yubico, YubiKey + SSHD and PAM.

So, here we go, a month after.

I did play with the Yubikey like explained in the previous post. I did not try back with the Google Apps but did make it work with the SSHD/PAM. I have to say it work’s really well. The only thing is that I would like it to work along with RSA key.

I did try it with the Yubico and SSH RSA keys and the RSA keys always take over… I am not sure if this how it should be or if I just need to change a PAM config ? I will need to check back on that.

I did stated in my previous post that I did not find any good Debian documentation. That is not true… Sorry… I did find one, however, I was to much in a hurry that I missed some stuff… And that one step was not really clear…

So here is the link for the documentation. : http://code.google.com/p/yubico-pam/wiki/YubikeyAndSSHViaPAM

This doc is from Yubico them self.. However, as step #1, Administrative level, you should know that the yubico token id is spliced in 2 parts and that the first part is the first 12 characters on one OTP password and the 2nd are the last 12 of that same password in order to work. I had to figure it out… :

<user name>:<yubikey tokan ID>:<yubikey tokan ID>:

Note that this it the same as per user basis.

Update : This is a better post to use yubikey with ssh keys, just note that I did not tested yet, but as by reading it, it look like a good alternative.



P.S : Again, sorry for my dirty english…

Yubico – A little promotion for a great product.

Hi There,

This is a short post to promot a great security product by a company named Yubico. Yubiko is a 2nd level of authentication for cloud services and other with a key that ”generate” strong password. You can view all the details here :¬†yubico.com/yubicloud¬†and consider supporting¬†YubiKey¬†login

Also, this product has been discussed on a good show that I listen.: HAK5 see: hak5.org

Thanks !