Server Fault

Questions tagged [yubikey]

Ask Question

The tag has no usage guidance.

22 questions
Newest
Active
Bountied
Unanswered
Filter by
Sorted by
Tagged with
17 votes
1 answer
5k views

Using Yubikey for sudo over SSH session

I currently use Kryptonite to handle protecting the private key I use to SSH into hosts. This works well, except when I need to escalate to root. When I sudo I have to go copy a randomly generated 20-...
thomasfedb's user avatar
thomasfedb
  • 455
13 votes
2 answers
2k views

SSH Two-Factor auth (2FA) with a yubikey

I have got this slick little yubikey and I want to add an additional layer of security when authenticating ssh sessions. On the server side I've already disabled password authentication and only ...
ben lemasurier's user avatar
ben lemasurier
  • 768
7 votes
1 answer
2k views

Is it possible to ignore a missing PAM module?

I am configuring yubico-pam to enable passwordless sudo access using challenge-response from a Yubikey. The following works: # /etc/pam.d/sudo auth sufficient pam_yubico.so mode=challenge-...
CodeGnome's user avatar
CodeGnome
  • 285
4 votes
1 answer
2k views

SSH agent: `sign_and_send_pubkey: signing failed for ECDSA-SK ... from agent: agent refused operation` except very first time

I have an ecdsa-sk keypair that I generated and added to my github account (tied to a yubikey). If I try any connection using that key, such as git push, I get: sign_and_send_pubkey: signing failed ...
Allen's user avatar
Allen
  • 143
4 votes
1 answer
2k views

ssh PIV error "sign_and_send_pubkey: signing failed for RSA "Public key for Digital Signature": agent refused operation"

I had to recently rebuild my laptop. In the process, I switched from Fedora31 to Kubuntu 20.04 LTS. Everything in the switch went without a hitch, except for one thing. Where I work we use 2FA for ...
Egyas's user avatar
Egyas
  • 153
2 votes
0 answers
74 views

GPG hangs when using a Yubikey

I am trying to debug why all of the sudden my Yubikey is taking very long to access. The Yubikey holds a GPG private key, that is then used for GPG and SSH. It was working just fine for several months ...
cdecker's user avatar
cdecker
  • 411
2 votes
0 answers
48 views

Removing additional password field from ssh login on Ubuntu 20

I just bought a Yubikey a few days back. I have tried to use the key to login to SSL without a password. I have it working, but it displays an error and shows interactive auth prompts. The only real ...
Keith Tysinger's user avatar
Keith Tysinger
  • 121
2 votes
1 answer
971 views

smart card for UAC only

I'm in the process of configuring USB Yubikeys as a smart card for our company so that staff can elevate to an admin account (added to the computer's local administrators group) by simply inserting ...
captcha's user avatar
captcha
  • 578
2 votes
0 answers
1k views

Freeradius multi-factor auth with LDAP and Yubikey

I just set up a freeradius server and would like to be able to authenticate using both the password of a ldap user and the yubico otp generated from their yubikey. It is working using the ldap ...
eli0T's user avatar
eli0T
  • 110
1 vote
1 answer
396 views

Use ssh key on GPG card to decrypt data

When a Windows instance is created in AWS, its password is encrypted using the public part of an SSH key. It's then possible to use the following command to retrieve the encrypted password: aws ec2 ...
a-h's user avatar
a-h
  • 111
1 vote
1 answer
2k views

Setting up OIDC with ADFS - Invalid UserInfo Request

Background So I've been pulling my hair out the past few weeks trying to get OIDC authentication working based on ADFS in various applications, specifically Proxmox VE as well as Gitea. The reason why ...
awillinger-work's user avatar
awillinger-work
  • 21
1 vote
1 answer
3k views

Smartcard Authentication on Windows Domain Controller using Yubikey for Windows Login

I have a Yubikey 5 NFC and I am trying to configure it on a test bench for windows login authentication. I cannot seem to get the certificate to enroll on the Yubikey. I have followed the Yubikey ...
ubuntuuber's user avatar
ubuntuuber
  • 113
1 vote
0 answers
748 views

Cannot redirect Yubikey into VMWare Horizon VDI with Ubuntu OS

I am not able to redirect to Yubikey into the VMWare Horizon VDI. the guest OS is Ubuntu 20.04 I have install the vmware client & the required driver with the following command: sudo ./...
user1172579's user avatar
user1172579
  • 111
1 vote
0 answers
362 views

Securing SSH access with YubiKey: ed25519-sk vs. pam_yubico

I just got some YubiKeys to secure my important accounts and am now wondering about the best way of securing access to some VPS boxes I have. Up until now, I have disabled password-based login and ...
Benjamin Schneider's user avatar
Benjamin Schneider
  • 11
1 vote
0 answers
124 views

Yubikey won't receive an imported SSH auth key

I had a SSH key which I imported without problems in my GPG keyring as auth key using pem2openpgp from monkeysphere. The imported key works fine. I removed its SSH version from ~/.ssh and switched ...
Qippur's user avatar
Qippur
  • 135
1 vote
1 answer
884 views

"NO_PROPOSAL_CHOSEN" when trying to authenticate with a certificate from smartcard using swanctl

I'm trying to create a VPN tunnel between two VMs (named A and B) with strongSwan (for what matters, I use swanctl here) using a host-to-host configuration (as described here ) and a smartcard for B's ...
Nobozoa's user avatar
Nobozoa
  • 11
0 votes
1 answer
533 views

Google Credential Provider for Windows with Yubikey 2FA

Can I use my Yubikey hardware 2FA with Google Credential Provider for Windows (GCPW)? At the moment I am asked to sign in again the only option is Google Authenticator, and a few more but the Yubikey ...
Damian's user avatar
Damian
  • 113
0 votes
0 answers
48 views

Dovecot authentication with hardware key ( yubikey )

Recently, I've been working on implementing hardware keys for authorization in dovecot/postfix and unfortunately, perhaps due to lack of knowledge, I wasn't able to implement it. From what I've seen, ...
Croxxy's user avatar
Croxxy
  • 1
0 votes
1 answer
1k views

openssh connection from windows with yubikey ED25519-SK denied

I use my yubikey to authenticate against remote hosts with ssh. This works (with the same keys) on Linux, and it fails on Windows, with git-bash. all this is on windows 10, and this is OpenSSH_9.0p1, ...
Andreas Schuldei's user avatar
Andreas Schuldei
  • 143
0 votes
1 answer
1k views

using strongswan with pkcs11 and yubikey

I am trying to deploy a new VPN configuration in my enterprise. I have successfully established a connection between my computer and my vpn ipsec server in certificate mode. I uploaded the p12 file in ...
rBeal's user avatar
rBeal
  • 1
0 votes
0 answers
41 views

Yubikey public key recovery

I previously created and installed a private key and certificate on a Yubikey dongle, my harddrive died so effectively have a new machine. Is there any way I can obtain and reinstall my gpg PUBLIC key ...
sradforth's user avatar
sradforth
  • 101
-2 votes
1 answer
233 views

How fast is decryption by a YubiKey? [closed]

Do YubiKeys decrypt GPG or SSH/SFTP data directly within themselves? If so, would that cause a bottleneck? Do YubiKeys have accelerated AES hardware that does most of the heavy lifting of decryption? ...
andrew-e's user avatar
andrew-e
  • 186

Your privacy

By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.