So at work we use Yubikeys for various things. So i finally decided to spend the 30 bucks and get one myself for Lastpass and authentication for my servers. While i already have ssh key only authenication setup for most all of my servers, i figured why not for giggles setup up my yubikey as well.
So setting up two factor authentication for ssh isnt as hard as it sounds. I will now walk one through how to do this on Centos 6.4.
First you will need to enable the ELEP repowget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpmrpm -ivh epel-release-6-8.noarch.rpmyum update
Next you will need to install the Yubikey pam moduleyum install pam_yubico
Next open /etc/pam.d/sshd and add this line under #%PAM-1.0nano /etc/pam.d/sshd
line to be added:auth required pam_yubico.so id=16 authfile=/etc/yubikey_mappings
Next, you will need to map the yubikey output to individual usersnano /etc/yubikey_mappings
add lines like this where aaaaaaaaaaaa is the first 12 charactor output of your Yubikeyroot:aaaaaaaaaaaa
Next, add this to the bottom of your /etc/ssh/sshd_config filenano /etc/ssh/sshd_config
line to be added:RequiredAuthentications2 publickey,password
Finally, restart the ssh serviceservice sshd restart