So, here we go, a month after.
I did play with the Yubikey like explained in the previous post. I did not try back with the Google Apps but did make it work with the SSHD/PAM. I have to say it work’s really well. The only thing is that I would like it to work along with RSA key.
I did try it with the Yubico and SSH RSA keys and the RSA keys always take over… I am not sure if this how it should be or if I just need to change a PAM config ? I will need to check back on that.
I did stated in my previous post that I did not find any good Debian documentation. That is not true… Sorry… I did find one, however, I was to much in a hurry that I missed some stuff… And that one step was not really clear…
So here is the link for the documentation. : http://code.google.com/p/yubico-pam/wiki/YubikeyAndSSHViaPAM
This doc is from Yubico them self.. However, as step #1, Administrative level, you should know that the yubico token id is spliced in 2 parts and that the first part is the first 12 characters on one OTP password and the 2nd are the last 12 of that same password in order to work. I had to figure it out… :
<user name>:<yubikey tokan ID>:<yubikey tokan ID>:
Note that this it the same as per user basis.
Update : This is a better post to use yubikey with ssh keys, just note that I did not tested yet, but as by reading it, it look like a good alternative.
http://berrange.com/?s=yubico
P.S : Again, sorry for my dirty english…