使用yubikey进行SSH登陆

使用yubikey进行SSH登陆

最近入手了Yubikey,打算使用yubikey的OTP进行登陆。具体配置如下

  1. 使用Yubikey Personalization tool进行Yubikey的配置(多图杀狗就略了)
  2. 通过 Get API Key 获取Yubikey API,样式如下
Client ID:	66888
Secret key:	CFFFFFFFFFP6XOiiJZs888888U=
  1. 在Debian上面安装依赖包
apt-get install libpam-yubico
  1. 创建yubikey list文件
touch /etc/ssh/authorized_yubikeys

例如我的文件内容是,只有许可的YubiKey IDs是可以被认证。YubiKey ID是Yubikey touch后输出的头12位。

root:v1xxxxxxxxxx:v2xxxxxxxxxx
  1. 修改/etc/pam.d/sshd文件
    注释掉
@include common-auth

在文件尾部增加

auth required pam_yubico.so id=<Client ID> key=<API key> authfile=/etc/ssh/authorized_yubikeys
  1. 修改/etc/ssh/sshd_config文件,修改
ChallengeResponseAuthentication  yes
UsePAM  yes
AuthenticationMethods publickey keyboard-interactive:pam
PasswordAuthentication no
PubkeyAuthentication yes
  1. 重启SSHD
systemctl restart sshd

Written with StackEdit.

Comments

sanderscaccia said…
As long as you realize the essential poker guidelines and what the winning hands encompass, have the ability to|you possibly can} play strategically and take advantage of} handy moves. To enhance your possibilities of winning, please hold studying this information, and guidance of} the sections that we have listed under. Alternatively, have the 1xbet ability to|you possibly can} play the free video poker game we have supplied on the high of the web page. If you just guess then you would easily do worse than with slots. But you came to the right place, outcome of|as a end result of} we'll cowl technique right here. Although it’s subtle, there are variations between how video poker and slot video games use certain applied sciences.
November 9, 2022 at 3:03 AM
Post a Comment