[Cialug] two factor ssh auth

Kenneth Younger kenny at sheerfocus.com
Wed Sep 21 16:46:30 CDT 2011


Can I just say that's very impressive.

On Wed, Sep 21, 2011 at 3:56 PM, Tom Pohl <tom at tcpconsulting.com> wrote:

> I know a little bit about pam_yubico. When I implemented it a few years
> ago, I had to hack the code pretty hard to get it to function correctly.
>  I'd imagine that it is much more polished now.
>
> We implemented it with LDAP lookup for the key identifier to ensure that
> the yubikey matches the user that logs in.
>
> I also have it hit my own variation of their web application server for
> verification without using their servers which involves reprogramming the
> keys to have a new AES key that only my service knows.
>
> To re-program the key, I figured out how to re-program the yubikey from the
> web by utilizing their activex control in Internet Exploder.
>
> There is also another mode to the key where you have it spit out a
> long static password instead of the OTP mode.
>
> -Tom
>
>
>
> On Sep 21, 2011, at 3:20 PM, Barry Von Ahsen wrote:
>
> > On 9/21/2011 3:17 PM, Barry Von Ahsen wrote:
> >> On 9/21/2011 2:48 PM, Don Ellis wrote:
> >>> On Tue, Sep 20, 2011 at 12:50 PM, Barry Von Ahsen<barry at vonahsen.com>
> >>> wrote:
> >>>> is anyone doing two factor ssh auth? I started looking at ssh key +
> >>>> pass and found monkeysphere[1], I also found wikid[2], freeradius and
> >>>> duo_unix[3].
> >>>>
> >>>> any suggestions or gotchas? free or low cost is best. also,
> >>>> unfortunately,
> >>>> end users are all windows based
> >>>>
> >>>>
> >>>> -barry
> >>>>
> >>>> [1] http://web.monkeysphere.info/why/#index2h2
> >>>> [2] http://www.wikidsystems.com/
> >>>> [3] http://blog.duosecurity.com/2011/04/announcing-duos-two-factor-authentication-for-unix/
> >>>>
> >>>
> >>> One of my LUG buddies here in St Louis (MO) really likes YubiKey with
> >>> LastPass. Physical token is really inexpensive and simple.
> >>
> >> nice, that looks awesome
> >
> > even better, EPEL has pam_yubico packaged for RHEL/centos
> >
> > -barry
> >
> >
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
>



-- 
Kenneth Younger III
Founder, Sheer Focus Inc.
e: kenny at sheerfocus.com
p: (515) 367-0001
t: @kenny <http://twitter.com/kenny>
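
Added example, not part of the original thread and not pam_yubico's own code: a Python sketch of the check Tom describes, tying a YubiKey to the account that is logging in by comparing the OTP's public ID prefix with the IDs registered for that user. The DIRECTORY dict is a constructed stand-in for the LDAP lookup, and the function names and sample OTP are assumptions.

```python
import hmac

# Yubico OTPs are written in "modhex", a 16-character alphabet.
MODHEX = "cbdefghijklnrtuv"
TOKEN_LEN = 32      # one AES-128 block, modhex-encoded
MAX_ID_LEN = 16     # public ID prefix is at most 16 modhex characters

# Constructed stand-in for the directory: user -> registered public IDs.
DIRECTORY = {
    "alice": {"ccccccbchvth"},
    "bob": {"ccccccdefghi", "vvvvvvcbdefg"},
}

# Constructed sample, not a real OTP: 12-char public ID + 32-char token.
SAMPLE_OTP = "ccccccbchvth" + MODHEX * 2


def split_otp(otp):
    """Return (public_id, encrypted_token); raise ValueError if malformed."""
    otp = otp.strip()  # the key sends a trailing newline after the OTP
    if not (TOKEN_LEN < len(otp) <= TOKEN_LEN + MAX_ID_LEN):
        raise ValueError("unexpected OTP length or missing public ID")
    if any(ch not in MODHEX for ch in otp):
        raise ValueError("non-modhex character in OTP")
    return otp[:-TOKEN_LEN], otp[-TOKEN_LEN:]


def key_belongs_to_user(user, otp, directory=DIRECTORY):
    """True only if the OTP's public ID is registered for this user.

    This is the binding step only. The encrypted token must still be
    verified (decryption, counter checks) by the validation service.
    """
    try:
        public_id, _token = split_otp(otp)
    except ValueError:
        return False
    registered = directory.get(user, ())  # unknown user: nothing matches
    return any(hmac.compare_digest(public_id, r) for r in registered)


if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        print(user, key_belongs_to_user(user, SAMPLE_OTP))
```

Without this step, any OTP the validation service accepts would satisfy the second factor for any account, so one user's key could be presented for another user's login.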