March 24, 2016
linux, openssh, security

I dug a little further after my last post and stumbled upon this excellent blog post. It turns out that using the libpam-oath module for two-factor authentication is a lot easier than the challenge-response module and it works rather fabulously. I will document the steps I took here. Again, all credit goes to the author of that blog post above - I mainly followed his explanations and links.

What we are going to do

We want to enable two-factor authentication when logging in via ssh. ...

OpenSSH + YubiKey HMAC-SHA1 challenge-response

March 23, 2016
linux, openssh, security

First off: this does not work as I wanted it to work. It has some interesting implications though.

The idea

I am using a YubiKey NEO for various things. It holds my PGP keys in its secure element and has the YubiKey slots configured to use HMAC-SHA1 challenge-response and a static password. You can, for example, unlock your KeePass(X) database using OATH-HOTP or the challenge-response mechanism. The idea was to use the PAM module in its challenge-response mode for authentication during SSH logins. ...