If you would like to add additional layer of security you can change the output of the challenge- file to an area of the OS where you'll need sudo permission to edit the file ( e.g. Warning: Having a backup YubiKey is strongly recommended so that if your device is lost or broken, you will not be locked out of your computer. If you do not have a backup device available at this time, you can add one later using the same steps as long as you still have access to your account. If you have backup YubiKeys, repeat the steps above to associate them with your account. If successful, you will see an output such as Stored initial challenge and expected response in '/home//.yubico/challenge-' where is your username and is the serial number printed on the YubiKey. 3 Associating the YubiKey(s) With Your Account Note: Setting up additional YubiKeys is strongly recommended so that if your YubiKey is lost or broken you are not locked out of your computer. Repeat these steps for any additional YubiKeys you want associated with your account. Press Y and then Enter to confirm the configuration.You will have done this if you used the Windows Logon Tool or Mac Logon Tool. Note: This section can be skipped if you already have a challenge-response credential stored in slot 2 on your YubiKey. Run: sudo apt install libpam-yubico yubikey-manager.Note: If you have a Security Key (blue device) which does not support HMAC-SHA1 challenge-response, you will want to see the Ubuntu Linux Login Guide - U2F article instead. See here for an article geared towards Red Hat and its derivatives. The commands in the guide are for an Ubuntu (or Ubuntu based - such as Linux Mint) system, but the instructions can be adapted for any distribution of Linux. This does not work with remote logins via SSH or other methods. This guide covers how to secure a local Linux login using the HMAC-SHA1 Challenge-Response feature on YubiKeys.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |