I have just acquired a YubiKey (the standard one) and wanted to use it to provide 2-factor authentication for SSH. In case I lose the key, I also want a fallback option so I don't lose access to the server. The documentation for this seems a bit scattered, so here's my reference for how I made it work.

HOTP is a counter-based system, where each password follows a sequence based on a counter that ticks up by one each time you generate the password. TOTP is a time-based system, where a new password is generated every so often (30 seconds in this case).

The result is that when you SSH in, it will ask first for your password, and then for the one-time password (OTP) provided by the YubiKey. There are two parts to this: setting up the YubiKey to work, and setting up the fallback using the Google Authenticator Android app.

This was done on a Debian Wheezy server, but should work on anything that is similar.

Packages that are required on the server: libpam-oath (>= 1.12.4-1, or you can't have a fallback in this way).

1. Open Configuration > Manage Custom Scripts.
2. Enter level = 0-100 (priority of this method).
3. Select the Location Type. If the Location type is LDAP, the script is automatically populated in the script box below. If the Location type is selected as text, follow the steps below.
4. Copy/paste the script from TotpExternalAuthenticator.py.
5. Click the Update button at the bottom of this page.

Configure oxAuth to use OTP authentication by default:

1. Navigate to Configuration > Manage Authentication.
2. Select the Default Authentication Method tab.

Try to log in using the OTP authentication method:

1. Wait 30 seconds and try to log in again. During this time oxAuth reloads the list of available person authentication modules.
2. Once the QR code has been scanned on your mobile, click Finish to get the OTP page, where you enter the OTP from your mobile.
3. Open a second browser or a second browsing session and try to log in again. It's better to do that from another browser session, because we can return to the previous authentication method if something goes wrong.