How to setup YubiKey 5 on Android phone and Windows Desktop guide, to replace Google Authenticator or Authy.

Trying to think of ways this could be hacked, not quite sure all of the methods, but I think they all require physical possession of the YubiKey itself and a password, on top of your login credentials. The idea behind this is hearing about SIM swapping hacks and trying to get away from anything related to the phone carrier being hacked.

Get a YubiKey somewhere, 2 or more of these as 1 will be a backup, probably official source so no tampering. I am using the YubiKey 5 for this example. https://www.yubico.com/products/

All authenticator downloads located here: https://www.yubico.com/products/services-software/download/yubico-authenticator/

I don't have an iPhone so I can't test if the NFC part works on Apple products.

On Android install the Yubico Authenticator App, now go to your site, let's pick https://www.southxchange.com/ . Go to user settings, Two-Factor Code Authentication and enable. When the QR shows up you want to scan this with your phone. Also write down the manual code. After the QR code is scanned in, the phone will ask you to tap the YubiKey NFC. Tap the YubiKey to the phone. If you already have your backup YubiKey, click add and tap again. Now it's stored on both YubiKeys using QR code scanning. Enter the 6 digits to enable 2FA on your account.

Download and install Windows Yubico Authenticator from the official link above. Plug in one of your YubiKeys to your desktop, and your codes now pop up. Put passwords on both authenticator apps for extra security.

For GitHub, major exchanges, Gmail, etc., most of these offer to just add the key itself instead of using the 6 digit code. But this app is really handy for things like Discord.
I am using a YubiKey 5 for this and the Manjaro KDE distro. Amazon has same day delivery https://amzn.to/338KYgF

Slightly different but basically the same as the official Arch install, except I took out the -m and $MK (PIV application's 24-byte management key) part, as it didn't work for me when generating the self-signed certificate. https://wiki.archlinux.org/index.php/YubiKey#Using_a_YubiKey_with_SSH

    #install yubikey manager
    sudo pacman -S yubikey-manager yubikey-manager-qt

    #plug in yubikey and verify it can be seen
    ykman list

    #generate key
    ykman piv generate-key -a RSA2048 9a pubkey.pem

    #generate self signed certificate
    ykman piv generate-certificate -d 1826 -s "SSH Key" 9a pubkey.pem

    #install opensc package
    sudo pacman -S opensc

    #configure ssh to use opensc library
    nano ~/.ssh/config

    #enter single line below, save and exit
    PKCS11Provider /usr/lib/opensc-pkcs11.so

    #convert public-key to standard openssh format
    ssh-keygen -i -m PKCS8 -f pubkey.pem > pubkey.txt

    #cat pubkey.txt to see your public key. example can copy and paste the public key into scaleway credentials
    cat pubkey.txt

    #or another way to get the public key onto your server
    cat ~/pubkey.txt | ssh [email protected] 'cat >> .ssh/authorized_keys'

Now when you ssh into your server, plug in your YubiKey and you will be asked for a PIN at the login prompt. Example:

    ssh [email protected]

and you will now be prompted for the YubiKey PIN to access your server.