Conversation
-
Configured SSH two-factor authentication using YubiKey. Works pretty well. Factors are YubiKey OTP and password. No way to use an SSH key in a two-factor SSH setup; it just overrides everything as the only factor.
-
@opal hm, when I enabled it it just disabled the other factors.
-
@opal that's ok, this way is good enough for government work.
-
@moonman Because: Yo[u] [will] b[e] [in] Key [oto] [soon].
-
Another limitation seems to be that when enabled, every user must have a YubiKey. This is a real problem if there are automated processes accessing the server over SSH.
One way around this may be to run a second SSH server configured separately.
-
@dielan yeah I'm already anticipating this being a huge pain in the ass. But it's required to pass our PCI compliance audit.
-
We have MFA requirements at work as well. Right now we have our private keys in YubiKey and unlock them to the SSH agent every 12 hours. Sudo is done with agent passing (ssh -A). We are looking into transitioning to signed SSH keys and HashiCorp Vault.