Difference between revisions of "Authentification"

From Blue-IT.org Wiki

(SSH)
 
Line 69: Line 69:
 
  '''UsePAM no'''  <<<< !!!!
 
  '''UsePAM no'''  <<<< !!!!
  
[[Category:IT-security]]
+
[[Category:Security]]

Latest revision as of 21:24, 2 December 2015

Yubikey

Please read up on and make yourself familiar with OTP and the concept of two-factor authentication.

Troubleshooting

I got the error (on Ubuntu 14.04):

#> yubico-piv-tool -a status
Failed to connect to reader. 

This is a problem with USB, so the YubiKey has to be put into another mode and reinserted. Install (see #Personalisation_Tool_and_basic_installation_on_Ubuntu) and start the Yubico personalization tool (GUI or CLI) and run:

ykpersonalize -m82 

Reinsert the key and you are good to go.

Personalisation Tool and basic installation on Ubuntu

You can use a PPA to install the required software in Ubuntu:

sudo apt-get install yubikey-personalization yubikey-personalization-gui yubikey-neo-manager yubioath-desktop ykneomgr yubico-piv-tool


Owncloud

Two-factor authentication for ownCloud using one-time passwords (OTP) from Yubikey:

One Time Password Backend:

SSH

SSH Authentication with YubiKey | Linux Action Show 373 from Jupiter Broadcasting

SSH

Generally: only use key-based authentication for the SSH login to your web server!

vim /etc/ssh/sshd_config
[...]
PermitRootLogin without-password
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

PermitEmptyPasswords no
ChallengeResponseAuthentication no
# <<<< !!!! password logins are switched off, keys only
PasswordAuthentication no

X11Forwarding no
UseLogin no

# <<<< !!!!
UsePAM no
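
A small audit of the settings marked above, added here as an example (it is not part of the original wiki page): it reads an sshd_config as text and reports every deviation from the key-only values, including a later `Match` block that switches passwords back on. The names `audit`, `EXPECTED` and `SAMPLE` and the sample file are assumptions made for this example; on a live host the effective values can also be printed with `sshd -T`.

```python
import re

# Values taken from the sshd_config shown on this page (key-only login).
EXPECTED = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "permitemptypasswords": "no",
    "usepam": "no",
}

# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
DIRECTIVE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(\S.*)?$")

def audit(text):
    """Return findings for an sshd_config passed in as a string."""
    seen, findings, scope = {}, [], "global"
    for line in text.splitlines():
        m = DIRECTIVE.match(line.strip())
        if not m or not m.group(2):
            continue  # blank line, comment or anything that is not a directive
        key = m.group(1).lower()
        value = m.group(2).split()[0].strip('"').lower()
        if key == "match":
            scope = "Match " + m.group(2)  # lines below override conditionally
            continue
        if key not in EXPECTED:
            continue
        if scope == "global":
            if key in seen:
                continue  # sshd uses the first value it obtains for a keyword
            seen[key] = value
        if value != EXPECTED[key]:
            findings.append(f"{scope}: {key} is {value}, expected {EXPECTED[key]}")
    for key, want in EXPECTED.items():
        if key not in seen:
            findings.append(f"global: {key} not set explicitly, expected {want}")
    return findings

# Constructed sample file (hypothetical, not from a real server).
SAMPLE = """\
PubkeyAuthentication yes
PasswordAuthentication no
passwordauthentication yes
ChallengeResponseAuthentication = no
UsePAM yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Keywords missing from the file are reported rather than assumed, because the built-in defaults differ between OpenSSH versions and distribution packages.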