Difference between revisions of "Authentification"
From Blue-IT.org Wiki
(→Personalisation Tool) |
|||
(6 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
Please read and make yourself familiar with OTP and the concept or '''Two Factor Authentification'''. | Please read and make yourself familiar with OTP and the concept or '''Two Factor Authentification'''. | ||
− | === | + | === Troubleshooting === |
− | + | I got the error (on ubuntu 14.04): | |
+ | #> yubico-piv-tool -a status | ||
+ | Failed to connect to reader. | ||
− | * https://launchpad.net/~yubico/+archive/ubuntu/stable | + | This is a problem with USB: so put the Yubikey in another mode and reinsert it, install (see [[#Personalisation_Tool_and_basic_installation_on_Ubuntu]]) and start the yubico personalize tool (gui or cli) and do: |
− | + | ||
+ | ykpersonalize -m82 | ||
+ | |||
+ | Reinsert the key and you can go ... | ||
+ | |||
+ | === Personalisation Tool and basic installation on Ubuntu === | ||
+ | |||
+ | You can use a ppa to install the required software in '''Ubuntu''': | ||
+ | |||
+ | * https://launchpad.net/~yubico/+archive/ubuntu/stable | ||
+ | * https://www.yubico.com/products/services-software/personalization-tools/use/ | ||
− | sudo apt-get install yubikey-personalization yubikey-personalization-gui yubikey-neo-manager yubioath-desktop ykneomgr | + | sudo apt-get install yubikey-personalization yubikey-personalization-gui yubikey-neo-manager yubioath-desktop ykneomgr yubico-piv-tool |
[[Image:Yubi_unity.png]] | [[Image:Yubi_unity.png]] | ||
+ | |||
+ | === Owncloud === | ||
+ | |||
+ | Two-factor authentication for ownCloud using one-time passwords (OTP) from Yubikey: | ||
+ | |||
+ | * http://www.sj-vs.net/two-factor-authentication-for-owncloud-using-one-time-passwords-otp-from-yubikey/ | ||
+ | |||
+ | One Time Password Backend: | ||
+ | |||
+ | * https://apps.owncloud.com/content/show.php/One+Time+Password+Backend?content=159196 | ||
+ | |||
+ | === SSH === | ||
+ | |||
+ | SSH Authentication with YubiKey | Linux Action Show 373 from [https://www.youtube.com/watch?v=F3D1gqXPW98 Jupiter Broadcasting] | ||
+ | * https://www.youtube.com/watch?v=F3D1gqXPW98 | ||
+ | * http://www.jupiterbroadcasting.com/85062/ssh-authentication-with-yubikey-las-373/ | ||
== SSH == | == SSH == | ||
Line 41: | Line 69: | ||
'''UsePAM no''' <<<< !!!! | '''UsePAM no''' <<<< !!!! | ||
− | [[Category: | + | [[Category:Security]] |
Latest revision as of 21:24, 2 December 2015
Contents
Yubikey
Please read and make yourself familiar with OTP and the concept or Two Factor Authentification.
Troubleshooting
I got the error (on ubuntu 14.04):
#> yubico-piv-tool -a status Failed to connect to reader.
This is a problem with USB: so put the Yubikey in another mode and reinsert it, install (see #Personalisation_Tool_and_basic_installation_on_Ubuntu) and start the yubico personalize tool (gui or cli) and do:
ykpersonalize -m82
Reinsert the key and you can go ...
Personalisation Tool and basic installation on Ubuntu
You can use a ppa to install the required software in Ubuntu:
- https://launchpad.net/~yubico/+archive/ubuntu/stable
- https://www.yubico.com/products/services-software/personalization-tools/use/
sudo apt-get install yubikey-personalization yubikey-personalization-gui yubikey-neo-manager yubioath-desktop ykneomgr yubico-piv-tool
Owncloud
Two-factor authentication for ownCloud using one-time passwords (OTP) from Yubikey:
One Time Password Backend:
SSH
SSH Authentication with YubiKey | Linux Action Show 373 from Jupiter Broadcasting
- https://www.youtube.com/watch?v=F3D1gqXPW98
- http://www.jupiterbroadcasting.com/85062/ssh-authentication-with-yubikey-las-373/
SSH
Generally: only use key based authentification with your ssh-webserver login!
vim /etc/ssh/sshd_config
[...] PermitRootLogin without-password StrictModes yes RSAAuthentication yes PubkeyAuthentication yes IgnoreRhosts yes RhostsRSAAuthentication no HostbasedAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no PasswordAuthentication no # <<<< !!!! X11Forwarding no UseLogin no UsePAM no <<<< !!!!