Is remote ssh possible? #329
-
|
Hi, I'm a little confused after reading through several pages about pam_u2f, so let me ask: So I tried the same with pam_u2f because I would like to enforce the PIN additionally to touching the key. I setup a key with pamu2fcfg etc. and tried this in /etc/pam.d/ssh: But it seems to work only for "ssh localhost", i.e. when the key is plugged-in into the machine I want to ssh into. For a remote ssh server no yubikey prompt appears (neither for the PIN nor for touching the device). So is authentification to a remote ssh server supposed to work or is pam_u2f not able to do this? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
Hi, pam-u2f is designed for local authentication. OpenSSH supports security keys though:
We also have a resource at https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html. |
Beta Was this translation helpful? Give feedback.
-
|
Ludvig Michaelsson wrote:
pam-u2f is designed for local authentication.
Ok, thanks a lot for clarifying!
OpenSSH supports security keys though:
* |man 1 ssh-keygen| and the |FIDO AUTHENTICATOR| section; and
* |man 8 sshd| and the |AUTHORIZED_KEYS FILE FORMAT| section (among others); and
* |man 5 sshd_config|, etc.
We also have a resource at https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html
Yes, I'm aware of that, thanks for this howto! I will likely go this
way as it allows to easily chose how much authentification one wants.
cu,
Frank
…--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
|
Beta Was this translation helpful? Give feedback.
Hi,
pam-u2f is designed for local authentication. OpenSSH supports security keys though:
man 1 ssh-keygenand theFIDO AUTHENTICATORsection; andman 8 sshdand theAUTHORIZED_KEYS FILE FORMATsection (among others); andman 5 sshd_config, etc.We also have a resource at https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html.