Questions tagged [yubikey]
The yubikey tag has no usage guidance.
22 questions
17 votes, 1 answer, 5k views
Using Yubikey for sudo over SSH session
I currently use Kryptonite to handle protecting the private key I use to SSH into hosts. This works well, except when I need to escalate to root.
When I sudo I have to go copy a randomly generated 20-...
13 votes, 2 answers, 2k views
SSH Two-Factor auth (2FA) with a yubikey
I have got this slick little yubikey and I want to add an additional layer of security when authenticating ssh sessions. On the server side I've already disabled password authentication and only ...
7 votes, 1 answer, 2k views
Is it possible to ignore a missing PAM module?
I am configuring yubico-pam to enable passwordless sudo access using challenge-response from a Yubikey. The following works:
# /etc/pam.d/sudo
auth sufficient pam_yubico.so mode=challenge-...
4 votes, 1 answer, 2k views
SSH agent: `sign_and_send_pubkey: signing failed for ECDSA-SK ... from agent: agent refused operation` except very first time
I have an ecdsa-sk keypair that I generated and added to my github account (tied to a yubikey). If I try any connection using that key, such as git push, I get:
sign_and_send_pubkey: signing failed ...
4 votes, 1 answer, 2k views
ssh PIV error "sign_and_send_pubkey: signing failed for RSA "Public key for Digital Signature": agent refused operation"
I had to recently rebuild my laptop. In the process, I switched from Fedora31 to Kubuntu 20.04 LTS. Everything in the switch went without a hitch, except for one thing. Where I work we use 2FA for ...
2 votes, 0 answers, 74 views
GPG hangs when using a Yubikey
I am trying to debug why all of a sudden my Yubikey is taking very long to access. The Yubikey holds a GPG private key, that is then used for GPG and SSH. It was working just fine for several months ...
2 votes, 0 answers, 48 views
Removing additional password field from ssh login on Ubuntu 20
I just bought a Yubikey a few days back. I have tried to use the key to log in to SSL without a password. I have it working, but it displays an error and shows interactive auth prompts.
The only real ...
2 votes, 1 answer, 971 views
smart card for UAC only
I'm in the process of configuring USB Yubikeys as a smart card for our company so that staff can elevate to an admin account (added to the computer's local administrators group) by simply inserting ...
2 votes, 0 answers, 1k views
Freeradius multi-factor auth with LDAP and Yubikey
I just set up a freeradius server and would like to be able to authenticate using both the password of a ldap user and the yubico otp generated from their yubikey.
It is working using the ldap ...
1 vote, 1 answer, 396 views
Use ssh key on GPG card to decrypt data
When a Windows instance is created in AWS, its password is encrypted using the public part of an SSH key.
It's then possible to use the following command to retrieve the encrypted password:
aws ec2 ...
1 vote, 1 answer, 2k views
Setting up OIDC with ADFS - Invalid UserInfo Request
Background
So I've been pulling my hair out the past few weeks trying to get OIDC authentication working based on ADFS in various applications, specifically Proxmox VE as well as Gitea. The reason why ...
1 vote, 1 answer, 3k views
Smartcard Authentication on Windows Domain Controller using Yubikey for Windows Login
I have a Yubikey 5 NFC and I am trying to configure it on a test bench for windows login authentication. I cannot seem to get the certificate to enroll on the Yubikey. I have followed the Yubikey ...
1 vote, 0 answers, 748 views
Cannot redirect Yubikey into VMWare Horizon VDI with Ubuntu OS
I am not able to redirect the Yubikey into the VMWare Horizon VDI. The guest OS is Ubuntu 20.04. I have installed the VMWare client & the required driver with the following command:
sudo ./...
1 vote, 0 answers, 362 views
Securing SSH access with YubiKey: ed25519-sk vs. pam_yubico
I just got some YubiKeys to secure my important accounts and am now wondering about the best way of securing access to some VPS boxes I have. Up until now, I have disabled password-based login and ...
1 vote, 0 answers, 124 views
Yubikey won't receive an imported SSH auth key
I had an SSH key which I imported without problems in my GPG keyring as auth key using pem2openpgp from monkeysphere.
The imported key works fine.
I removed its SSH version from ~/.ssh and switched ...
1 vote, 1 answer, 884 views
"NO_PROPOSAL_CHOSEN" when trying to authenticate with a certificate from smartcard using swanctl
I'm trying to create a VPN tunnel between two VMs (named A and B) with strongSwan (for what matters, I use swanctl here) using a host-to-host configuration (as described here ) and a smartcard for B's ...
0 votes, 1 answer, 533 views
Google Credential Provider for Windows with Yubikey 2FA
Can I use my Yubikey hardware 2FA with Google Credential Provider for Windows (GCPW)?
At the moment I am asked to sign in again the only option is Google Authenticator, and a few more but the Yubikey ...
0 votes, 0 answers, 48 views
Dovecot authentication with hardware key ( yubikey )
Recently, I've been working on implementing hardware keys for authorization in dovecot/postfix and unfortunately, perhaps due to lack of knowledge, I wasn't able to implement it. From what I've seen, ...
0 votes, 1 answer, 1k views
openssh connection from windows with yubikey ED25519-SK denied
I use my yubikey to authenticate against remote hosts with ssh. This works (with the same keys) on Linux, and it fails on Windows, with git-bash.
All this is on Windows 10, and this is OpenSSH_9.0p1, ...
0 votes, 1 answer, 1k views
using strongswan with pkcs11 and yubikey
I am trying to deploy a new VPN configuration in my enterprise.
I have successfully established a connection between my computer and my vpn ipsec server in certificate mode.
I uploaded the p12 file in ...
0 votes, 0 answers, 41 views
Yubikey public key recovery
I previously created and installed a private key and certificate on a Yubikey dongle. My hard drive died, so I effectively have a new machine.
Is there any way I can obtain and reinstall my gpg PUBLIC key ...
-2 votes, 1 answer, 233 views
How fast is decryption by a YubiKey? [closed]
Do YubiKeys decrypt GPG or SSH/SFTP data directly within themselves? If so, would that cause a bottleneck? Do YubiKeys have accelerated AES hardware that does most of the heavy lifting of decryption?
...