This article describes how to set up a server for YubiKey authentication as a second authentication factor.
The FIDO2-based SSH keys article describes how to use a YubiKey with hardware-based SSH keys.
1 – Install the required packages for your distribution:
sudo add-apt-repository ppa:yubico/stable
sudo apt-get update
sudo apt-get install libpam-yubico
sudo yum install pam_yubico
sudo yum install epel-release
sudo yum install pam_yubico
2 – Open /etc/passwd and add to the end of it:
<username>:<YubiKey token ID>
where username is the name of the user who is going to authenticate with the YubiKey, and YubiKey token ID is that user's YubiKey token identifier, e.g.:
pam_user:cccccchvjdse
If you have several YubiKey tokens for one user, add the YubiKey token IDs of the other devices, separated with :, e.g. with 3 YubiKey tokens:
pam_user:cccccchvjdse:cccccchvtbdr:ccccccundggr
3 – Create a mapping file, e.g. /var/yubico_passwd.
The file should contain a single record:
<user name>:<YubiKey token ID>
If you have several YubiKey tokens for one user, add the YubiKey token IDs of the other devices, separated with :, e.g. with 3 YubiKey tokens:
pam_user:cccccchvjdse:cccccchvtbdr:ccccccundggr
4 – Open /etc/pam.d/sshd and add to the very beginning:
auth required pam_yubico.so id=CLIENT_ID debug authfile=pathToMappingFile
You can get the CLIENT_ID parameter value at https://upgrade.yubico.com/getapikey; pathToMappingFile is the path to the mapping file (/var/yubico_passwd).
5 – Open /etc/ssh/sshd_config and set the following parameters:
PubkeyAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePAM yes
6 – Then restart the SSH server:
sudo service ssh restart
From now on, during authorization, the user should be asked for the YubiKey code.
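The mapping file from step 3 is what pam_yubico reads through authfile in step 4, so a typo in it blocks the login, and a token ID listed under two user names lets one key satisfy the second factor for both accounts. The check below is an added example, not part of the original article or of pam_yubico; it assumes the default 12-character token ID (the first 12 characters of a 44-character YubiKey OTP), and its function names and sample entries are constructed for illustration.

```python
import re

MODHEX = "cbdefghijklnrtuv"  # the 16 characters a YubiKey OTP can contain
TOKEN_ID = re.compile(f"[{MODHEX}]{{12}}")  # assumption: default 12-character ID
OTP = re.compile(f"[{MODHEX}]{{44}}")

def token_id_from_otp(otp):
    """Return the token ID (first 12 characters) of a 44-character OTP."""
    otp = otp.strip()
    if not OTP.fullmatch(otp):
        raise ValueError("not a 44-character modhex OTP")
    return otp[:12]

def check_authfile(text):
    """Return a list of (line number, problem) for mapping-file content."""
    problems, users, owner = [], set(), {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        user, *tokens = line.split(":")
        if not user or not tokens:
            problems.append((n, "expected <user name>:<YubiKey token ID>"))
            continue
        if user in users:
            problems.append((n, f"user {user} listed twice"))
        users.add(user)
        for tok in tokens:
            if not TOKEN_ID.fullmatch(tok):
                problems.append((n, f"bad token ID {tok!r}"))
            elif owner.setdefault(tok, user) != user:
                # One physical key would pass the second factor for two accounts.
                problems.append((n, f"token {tok} also mapped to {owner[tok]}"))
    return problems

# Constructed sample content (not real token IDs).
SAMPLE = """\
pam_user:ccccccdefghi:ccccccjklnrt
backup:ccccccdefghi
deploy:ccccccabcdef
ops
"""

if __name__ == "__main__":
    for n, problem in check_authfile(SAMPLE):
        print(f"line {n}: {problem}")
```

Run it against the content of the real mapping file before restarting the SSH service, and keep an existing session open until a new login succeeds.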
System Requirements
- Works via USB.
- YubiKey is used as an additional keyboard.
- iPhone 7 or later.
- iOS 11 or later.
- NFC supported devices.
- NFC/USB supported devices.
- Android version 5 and above.
Authorize with YubiKey
- Set up a host for connecting to the YubiKey server.
- Connect. You will be asked for a YubiKey code.
- Connect the YubiKey to the computer and press the button on the YubiKey. The YubiKey code will appear in the input field, after which Termius will connect to the server.
- Set up a host for connecting to the YubiKey server.
- Connect. You will be asked for a YubiKey code.
- Tap Use a YubiKey. You'll be asked to bring the YubiKey closer to the NFC module.
- Bring the YubiKey closer to the NFC module to transmit the code. The code will be read from the YubiKey over NFC, after which Termius will connect to the server.
- Set up a host for connecting to the YubiKey server.
- Connect. You will be asked for a YubiKey code.
- Bring the YubiKey closer to the NFC module to transmit the code. The code will be read from the YubiKey over NFC, after which Termius will connect to the server.
Note: If the YubiKey or your smartphone does not support NFC, you can use USB. Connect the YubiKey to the smartphone and press the button on the YubiKey. A code will appear in the input field.
This doesn't work on a fresh install of Ubuntu 22.04, Termius installed on Android version 13, and a YubiKey with version 5.43.
Are you sure you should operate on /etc/passwd in step 2?? The data doesn't look like a proper format for that file.