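- If the YubiKey still has its default configuration, skip this step; otherwise configure it as follows:
Download the appropriate YubiKey Personalization Tool: https://www.yubico.com/products/services-software/download/
After the upload completes, the result is as shown in the figure:
2. Install the authentication module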
#yum -y install epel-release
#yum -y install pam_yubico
Confirm that the pam_yubico.so module is present in /lib64/security/ or /usr/lib64/security
3. Create the user authentication file
#touch /etc/yubikey_mappings
The format is as follows:
USER_NAME:YUBIKEY_ID[:YUBIKEY_ID2]
YUBIKEY_ID is the first 12 characters of the OTP
4. Edit /etc/pam.d/sshd
auth required pam_yubico.so id=ID authfile=/etc/yubikey_mappings
Request the ID at https://upgrade.yubico.com/getapikey/
Note:
If the YubiKey is to be used as single-factor authentication, change the line to the following:
auth sufficient pam_yubico.so id=ID authfile=/etc/yubikey_mappings
5. Edit /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
UsePAM yes
6. Restart the sshd service and log in to verify.
Remarks:
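An added example (not part of the original instructions) for checking the step 3 mapping file offline before restarting sshd: it derives YUBIKEY_ID from an OTP, flags malformed lines, and tests whether a key is mapped to a user. It assumes default-length 44-character OTPs; the function names and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example: offline checks for /etc/yubikey_mappings entries of the form
#   USER_NAME:YUBIKEY_ID[:YUBIKEY_ID2]
# Assumption: default-length OTPs (44 modhex characters, 12-character ID).
MODHEX_ID='[cbdefghijklnrtuv]{12}'

# Print the YUBIKEY_ID (first 12 characters) of an OTP; fail if it is malformed.
yubikey_id_from_otp() {
    printf '%s\n' "$1" | grep -Eq '^[cbdefghijklnrtuv]{44}$' || return 1
    printf '%s\n' "$1" | cut -c1-12
}

# Print "LINENO:LINE" for each malformed line; succeed only if there are none.
# Blank lines and '#' lines are skipped (a choice made by this example).
check_mappings() {
    [ -r "$1" ] || return 2
    bad=$(grep -vnE "^([[:space:]]*|#.*|[^:[:space:]]+(:$MODHEX_ID)+)\$" "$1" || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Succeed if the ID taken from the OTP is listed for USER in the mapping file.
# Usage: otp_matches_user FILE USER OTP
otp_matches_user() {
    id=$(yubikey_id_from_otp "$3") || return 1
    awk -F: -v u="$2" -v id="$id" \
        '$1 == u { for (i = 2; i <= NF; i++) if ($i == id) ok = 1 }
         END { exit !ok }' "$1"
}

# Constructed sample data (not a real key or account).
SAMPLE_OTP='ccccccbchvthlnrtuvcbdefghijklnrtuvcbdefghijk'
demo() {
    f=$(mktemp)
    printf '%s\n' 'alice:ccccccbchvth' 'bob:CCCCCCBCHVTH' > "$f"
    check_mappings "$f" || echo "^ malformed entries (IDs must be 12 modhex characters)"
    otp_matches_user "$f" alice "$SAMPLE_OTP" && echo "alice: key is mapped"
    rm -f "$f"
}
demo
```

Run `check_mappings /etc/yubikey_mappings` as root after editing the file; it prints nothing when every entry is well formed.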
yum install libyubikey-devel
yum install ykclient
yum install ykpers
Reset