First and foremost, mad props to Matt Levavi, who scoured forums and mailing lists to compile a simple how-to. Here's the gist of setting up SSHD in Ubuntu to use authentication with a Yubikey.
    mkdir ~/.yubico
    sudo aptitude install autoconf libtool libusb-1.0-0-dev libcurl4-openssl-dev libpam-dev
    # Download Yubico-pam, Yubico-c-client, Libyubikey and Yubikey-personalization
    # In each directory, with Yubico-pam being last (only the install step needs root):
    autoreconf --install; ./configure; make; sudo make install
    # Get an API key and passwd from https://upgrade.yubico.com/getapikey/
    sudo vi /etc/pam.d/sshd
    # Find PAM configuration and add (placeholders stand for the values from the step above):
    #   auth required pam_yubico.so id=<client id> key=<API key> debug
    sudo vi /etc/pam.d/common-auth
    # add "debug try_first_pass" to end of auth string
    sudo vi /etc/ssh/sshd_config
    # ensure PasswordAuthentication yes and ChallengeResponseAuthentication no
    sudo mv /usr/local/lib/security/pam_yubico.so /lib/security
    sudo vi ~/.yubico/authorized_yubikeys
    # syntax: user:<yubikey token id>
    sudo touch /var/run/pam-debug.log
    sudo chmod go+w /var/run/pam-debug.log
    sudo service ssh restart
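As an added example (not part of the original post or of Yubico's code), this POSIX shell script checks an authorized_yubikeys file for malformed lines and tests whether an OTP's token ID is listed for a given user. It assumes the mapping format `user:token_id[:token_id...]` and that a token ID is the first 12 characters of a 44-character modhex OTP; the function names and all sample values are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed mapping format, one per line:
#   user:token_id[:token_id...]
# where a token ID is the first 12 characters of a 44-character modhex OTP.

# Succeed if $1 is exactly $2 characters long and all modhex.
is_modhex() {
    [ "${#1}" -eq "$2" ] || return 1
    case $1 in *[!cbdefghijklnrtuv]*) return 1 ;; esac
}

# Print every malformed mapping line in file $1; return 1 if any was found.
check_authorized_yubikeys() {
    bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in '' | '#'*) continue ;; esac
        user=${line%%:*} ids=${line#*:} ok=1
        # need a non-empty user, a colon, and at least one token ID
        { [ -n "$user" ] && [ "$user" != "$line" ] && [ -n "$ids" ]; } || ok=0
        old_ifs=$IFS; IFS=:
        for id in $ids; do is_modhex "$id" 12 || ok=0; done
        IFS=$old_ifs
        [ "$ok" -eq 1 ] || { echo "line $n malformed: $line"; bad=1; }
    done < "$1"
    return "$bad"
}

# usage: otp_allowed_for USER OTP FILE
# Succeed if the OTP's token ID is listed for USER. Local mapping check only:
# it does not validate the OTP itself.
otp_allowed_for() {
    is_modhex "$2" 44 || return 1
    id=${2%"${2#????????????}"}        # keep the first 12 characters
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in "$1":*) ;; *) continue ;; esac
        case ":${line#*:}:" in *":$id:"*) return 0 ;; esac
    done < "$3"
    return 1
}

# Demo on constructed data (token IDs and OTP are made up, not real keys).
demo=$(mktemp)
printf '%s\n' 'alice:cccccchbdefg' 'bob:cccccckjnrtu:bad-id' > "$demo"
check_authorized_yubikeys "$demo" || echo "fix the lines above"
otp=cccccchbdefgcbdefghijklnrtuvcbdefghijklnrtuv
otp_allowed_for alice "$otp" "$demo" && echo "alice: token ID matches"
otp_allowed_for bob "$otp" "$demo" || echo "bob: token ID not listed"
rm -f "$demo"
```

Running the format check after every edit to the mapping file catches a mistyped token ID before it shows up as a failed login.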




I think you may have broken Matt’s website, getting 403 error
Says video is not available. The mp4 link says 404.
Great Episode!!!…
FYI: the voting on this page (or on any page) does not work, it just says “please wait…” when you click on it. This has been broken for a long, long time on your website…
please see if you can fix it.
Hi Darren & Shannon
2 Words = That rocked!!!
Hadoken!!!
Any info on that pwdvi / pwvi program for editing the password file?
Would like to see how to use google auth for ssh and regular login
James, vipw or vigr are two programs that help to manually modify the /etc/passwd and /etc/group files so that you don’t make a mistake and break your system. It performs a sanity check when exiting to make sure the file is formatted correctly.
What is the deal with the recent episodes of Hak5? They have become Darren pretty much conducting the episodes like a boring college lecture. It’s just him writing on the table with markers and Shannon saying “Ooooh Oookkk”. You would think the host of a Tech show would be teaching the audience… not one host boring the audience while teaching the other host! Used to be a big fan…..
And get off the SSH
And get off the SSH already…
And stop dropping the played-out references to shannon’s SSh Into Your Heart Song….
You forgot to mention that in order for this to work, the box you are connecting to must have an internet connection to check the key. Careful guys, this won’t work on an isolated box.
Okay, so I was watching this episode and started thinking of a way to make a secure password.
Why not use time in the maths?
like this:
Password: 0001
maths= x5 -4 x%time%= %password%
time could be anything that is the current time, the date or both.
i.e. 11:59:22 – Hours:Minutes:seconds or 05:04:2012 month:day:year or both 11:59:22:05:02:2012
I really hate to think what that number might be, but you’d leave out the ‘:’ and just go with numbers, since the first lot would only need to be in two’s and the last would be four.
Wait this is a stupid idea, right?