Yubikey + SSH key Authentication

on July 22, 2013, 8:31 p.m.

So at work we use Yubikeys for various things. So I finally decided to spend the 30 bucks and get one myself for LastPass and authentication for my servers. While I already have SSH key-only authentication set up for most of my servers, I figured why not, for giggles, set up my Yubikey as well.

So setting up two-factor authentication for SSH isn't as hard as it sounds. I will now walk through how to do this on CentOS 6.4.

First you will need to enable the EPEL repo:
wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum update

Next you will need to install the Yubikey PAM module:
yum install pam_yubico

Next, open /etc/pam.d/sshd and add this line under #%PAM-1.0:
nano /etc/pam.d/sshd
line to be added:
auth required pam_yubico.so id=16 authfile=/etc/yubikey_mappings

Next, you will need to map the Yubikey output to individual users:
nano /etc/yubikey_mappings
Add lines like this, where aaaaaaaaaaaa is the first 12 characters of your Yubikey's output:
root:aaaaaaaaaaaa

Next, add this to the bottom of your /etc/ssh/sshd_config file:
nano /etc/ssh/sshd_config
line to be added:
RequiredAuthentications2 publickey,password

Finally, restart the ssh service:
service sshd restart
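
For the /etc/yubikey_mappings step above, an added example (not part of the original post): shell helpers that take the 12-character ID from a Yubikey OTP and check a mappings file before sshd is restarted. It assumes a standard 44-character modhex OTP; the function names and SAMPLE_OTP are hypothetical, and the sample OTP is constructed.

```shell
#!/bin/sh
# Added example: build and check /etc/yubikey_mappings entries.
# Assumption: an OTP is 44 modhex characters (12 ID + 32 one-time part).

# Constructed sample OTP, not output from a real key.
SAMPLE_OTP=ccccccbdefghijklnrtuvcbdefghijklnrtuvcbdefgh

# Print the first 12 characters (the ID used in the mappings file),
# or return 1 if the string is not a plausible OTP.
yk_public_id() {
    otp=$1
    case $otp in
        ''|*[!cbdefghijklnrtuv]*) return 1 ;;   # only modhex letters allowed
    esac
    [ "${#otp}" -eq 44 ] || return 1
    printf '%s\n' "$otp" | cut -c1-12
}

# Print a "user:id" line in the format shown on this page.
yk_mapping_line() {
    id=$(yk_public_id "$2") || return 1
    printf '%s:%s\n' "$1" "$id"
}

# Check a mappings file: each non-blank line must be user:id[:id...]
# with 12-character modhex IDs. Prints bad lines; returns 1 if any exist.
yk_check_authfile() {
    awk -F: '
        /^[[:space:]]*$/ { next }
        {
            ok = (NF >= 2 && $1 != "")
            for (i = 2; i <= NF; i++)
                if ($i !~ /^[cbdefghijklnrtuv]+$/ || length($i) != 12) ok = 0
            if (!ok) { printf "line %d: %s\n", NR, $0; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# Demo with the constructed OTP: prints root:ccccccbdefgh
yk_mapping_line root "$SAMPLE_OTP"
```

Running yk_check_authfile /etc/yubikey_mappings also catches a placeholder such as aaaaaaaaaaaa left in the file, since "a" is not a modhex character.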