Yubico, YubiKey + SSHD and PAM.

So, here we go, a month after.

I did play with the Yubikey like explained in the previous post. I did not try back with the Google Apps but did make it work with the SSHD/PAM. I have to say it work’s really well. The only thing is that I would like it to work along with RSA key.

I did try it with the Yubico and SSH RSA keys and the RSA keys always take over… I am not sure if this how it should be or if I just need to change a PAM config ? I will need to check back on that.

I did stated in my previous post that I did not find any good Debian documentation. That is not true… Sorry… I did find one, however, I was to much in a hurry that I missed some stuff… And that one step was not really clear…

So here is the link for the documentation. : http://code.google.com/p/yubico-pam/wiki/YubikeyAndSSHViaPAM

This doc is from Yubico them self.. However, as step #1, Administrative level, you should know that the yubico token id is spliced in 2 parts and that the first part is the first 12 characters on one OTP password and the 2nd are the last 12 of that same password in order to work. I had to figure it out… :

<user name>:<yubikey tokan ID>:<yubikey tokan ID>:

Note that this it the same as per user basis.

Update : This is a better post to use yubikey with ssh keys, just note that I did not tested yet, but as by reading it, it look like a good alternative.



P.S : Again, sorry for my dirty english…