Questions tagged [yubikey]
22 questions
17
votes
1 answer
Using Yubikey for sudo over SSH session
I currently use Kryptonite to handle protecting the private key I use to SSH into hosts. This works well, except when I need to escalate to root.
When I sudo I have to go copy a randomly generated 20-character string out of my password manager,…

thomasfedb
13
votes
2 answers
SSH Two-Factor auth (2FA) with a yubikey
I have got this slick little yubikey and I want to add an additional layer of security when authenticating ssh sessions. On the server side I've already disabled password authentication and only permit the use of ssh keys when logging in.
The…

ben lemasurier
7
votes
1 answer
Is it possible to ignore a missing PAM module?
I am configuring yubico-pam to enable passwordless sudo access using challenge-response from a Yubikey. The following works:
# /etc/pam.d/sudo
auth sufficient pam_yubico.so mode=challenge-response
auth required …

CodeGnome
4
votes
1 answer
ssh PIV error "sign_and_send_pubkey: signing failed for RSA "Public key for Digital Signature": agent refused operation"
I had to recently rebuild my laptop. In the process, I switched from Fedora31 to Kubuntu 20.04 LTS. Everything in the switch went without a hitch, except for one thing. Where I work we use 2FA for all logins, and utilize a yubi key for this…

Egyas
3
votes
1 answer
SSH agent: `sign_and_send_pubkey: signing failed for ECDSA-SK ... from agent: agent refused operation` except very first time
I have an ecdsa-sk keypair that I generated and added to my github account (tied to a yubikey). If I try any connection using that key, such as git push, I get:
sign_and_send_pubkey: signing failed for ECDSA-SK "[...]/.ssh/id_ecdsa_sk" from agent:…

Allen
2
votes
1 answer
smart card for UAC only
I'm in the process of configuring USB Yubikeys as a smart card for our company so that staff can elevate to an admin account (added to the computer's local administrators group) by simply inserting the key and typing a PIN.
If possible I would like…

captcha
2
votes
0 answers
Freeradius multi-factor auth with LDAP and Yubikey
I just set up a freeradius server and would like to be able to authenticate using both the password of a ldap user and the yubico otp generated from their yubikey.
It is working using the ldap password out of the box without any configuration, but I…

eli0T
2
votes
0 answers
GPG hangs when using a Yubikey
I am trying to debug why all of a sudden my Yubikey is taking very long to access. The Yubikey holds a GPG private key that is then used for GPG and SSH. It was working just fine for several months and now it is taking several seconds just to…

cdecker
2
votes
0 answers
Removing additional password field from ssh login on Ubuntu 20
I just bought a Yubikey a few days back. I have tried to use the key to log in to SSL without a password. I have it working, but it displays an error and shows interactive auth prompts.
The only real prompts are the customer and Yubikey one. How can…

Keith Tysinger
1
vote
1 answer
"NO_PROPOSAL_CHOSEN" when trying to authenticate with a certificate from smartcard using swanctl
I'm trying to create a VPN tunnel between two VMs (named A and B) with strongSwan (for what matters, I use swanctl here) using a host-to-host configuration (as described here) and a smartcard for B's authentication.
I generated CA certificate and I…

Nobozoa
1
vote
1 answer
Use ssh key on GPG card to decrypt data
When a Windows instance is created in AWS, its password is encrypted using the public part of an SSH key.
It's then possible to use the following command to retrieve the encrypted password:
aws ec2 get-password-data…

a-h
1
vote
1 answer
Smartcard Authentication on Windows Domain Controller using Yubikey for Windows Login
I have a Yubikey 5 NFC and I am trying to configure it on a test bench for windows login authentication. I cannot seem to get the certificate to enroll on the Yubikey. I have followed the Yubikey Smartcard deployment guide, but does not seem to be…

ubuntuuber
1
vote
1 answer
Setting up OIDC with ADFS - Invalid UserInfo Request
Background
So I've been pulling my hair out the past few weeks trying to get OIDC authentication working based on ADFS in various applications, specifically Proxmox VE as well as Gitea. The reason why I am doing this is primarily driven by Proxmox,…

awillinger-work
1
vote
0 answers
Cannot redirect Yubikey into VMWare Horizon VDI with Ubuntu OS
I am not able to redirect the Yubikey into the VMWare Horizon VDI. The guest OS is Ubuntu 20.04. I have installed the vmware client & the required driver with the following command:
sudo ./install_viewagent.sh -m yes -U yes -A yes
sudo apt install…

user1172579
1
vote
0 answers
Securing SSH access with YubiKey: ed25519-sk vs. pam_yubico
I just got some YubiKeys to secure my important accounts and am now wondering about the best way of securing access to some VPS boxes I have. Up until now, I have disabled password-based login and used SSH keys to connect to the servers.
As far as I…

Benjamin Schneider