[Image: Yubikey with Google]

After two consecutive days leaving my phone at home, it started to hit home just how hard it was to do my job on the Production Engineering team without being able to access our datacenters. We require two-factor authentication for SSH, using a TOTP with the freely available Google Authenticator application that you install on your phone. I did have my keyring however, including an existing Yubikey that I use for other two-factor auth systems. It took some wrangling, but I figured out how I could use this to remove the need for my phone and speed up the process as well.

Yubico provides a number of useful tools on Github that can be used to program and configure your Yubikey to support TOTP, also available through homebrew. In addition you will need a handy wrapper script, yubi_goog.py.

You will need your Google Authenticator secret key. It is non-trivial to extract this from an already configured Google Authenticator application, but if you are currently using it for SSH you can likely find it on your bastion host (the first host you SSH to):

ssh 'head -1

Otherwise your best bet is to ask your friendly system administrator.

You can now pass this into the Yubikey personalization tools and have it write the configuration to your Yubikey (make sure it is plugged in). Yubikeys have two configuration slots, and if you are already using your Yubikey for another authentication method it will be in slot 1. The following line writes the Google Authenticator config to slot 2, where the two can live happily side by side:

# Will prompt for your secret obtained in the last step
ykpersonalize -2 -o chal-resp -o chal-hmac -o hmac-lt64 -a `./yubi_goog.py --convert-secret | cat` -y

[Image: Yubikey with Google]

Now you can generate a 6-digit code that will match whatever Google Authenticator would be displaying. Unlike traditional Yubikey operation, which generates a code when you press its button, TOTP requires a challenge to be sent from your computer: the Yubikey doesn't know what time it is, so the computer has to send it. This can be done with the ykchalresp application, though there is some extra logic required to translate the response into a readable 6-digit code, which is also provided by the yubi_goog python script:

./yubi_goog.py --yubi-no-sudo

[Image: Yubikey with Google]

Pretty neat! That's just the cake though.
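To make the challenge-response flow concrete, here is an added example (not code from the post or from yubi_goog.py) that walks through the three pieces the post describes: decoding the base32 Google Authenticator secret to raw key bytes (what the --convert-secret step feeds to ykpersonalize), building the time-based challenge the computer must send, and truncating the HMAC-SHA1 response into the 6-digit code. The Yubikey itself is replaced by a software HMAC-SHA1 stand-in; the assumption is that the slot is programmed in HMAC-SHA1 challenge-response mode with a variable-length challenge (the hmac-lt64 option), so the key's answer to an 8-byte challenge is exactly HMAC-SHA1(secret, challenge). The sample secret is the RFC 6238 test key, so the codes can be checked against the RFC's published vectors.

```python
import base64
import hashlib
import hmac
import struct
import time

# TOTP time step used by Google Authenticator and RFC 6238 defaults.
TOTP_STEP_SECONDS = 30


def convert_secret(base32_secret: str) -> bytes:
    """Decode a Google Authenticator base32 secret into raw key bytes.

    Authenticator secrets are often shown lowercase and space-grouped and
    may lack base32 padding, so normalise before decoding. The hex form of
    these bytes is what ykpersonalize expects after -a.
    """
    cleaned = base32_secret.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding to a multiple of 8
    return base64.b32decode(cleaned)


def totp_challenge(unix_time: int, step: int = TOTP_STEP_SECONDS) -> bytes:
    """Build the challenge the computer sends to the key: the 30-second
    counter as an 8-byte big-endian integer (RFC 6238 / RFC 4226)."""
    return struct.pack(">Q", unix_time // step)


def hmac_sha1_response(key: bytes, challenge: bytes) -> bytes:
    """Software stand-in for the Yubikey HMAC-SHA1 challenge-response slot.

    Assumption (labelled): with hmac-lt64 the key treats the challenge as
    variable-length, so its 20-byte response equals plain HMAC-SHA1.
    """
    return hmac.new(key, challenge, hashlib.sha1).digest()


def truncate(response: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation: pick a 4-byte window from the HMAC,
    clear the top bit, reduce modulo 10^digits and zero-pad."""
    offset = response[-1] & 0x0F
    window = struct.unpack(">I", response[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(window % (10 ** digits)).zfill(digits)


def totp_code(key: bytes, unix_time: int, digits: int = 6) -> str:
    """The code Google Authenticator would display at unix_time."""
    return truncate(hmac_sha1_response(key, totp_challenge(unix_time)), digits)


def verify_code(key: bytes, candidate: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check with a small drift window: a code is accepted if it
    matches the current step or one of `window` adjacent steps. Uses a
    constant-time compare so the verifier does not leak partial matches."""
    for delta in range(-window, window + 1):
        expected = totp_code(key, unix_time + delta * TOTP_STEP_SECONDS)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
    sample_secret = "GEZDGNBVGY3TQOJQ GEZDGNBVGY3TQOJQ"
    raw_key = convert_secret(sample_secret)
    print("hex key for ykpersonalize -a:", raw_key.hex())
    print("challenge now:", totp_challenge(int(time.time())).hex())
    print("code now:", totp_code(raw_key, int(time.time())))
```

The drift window in verify_code is the caveat worth remembering once the key holds the secret: the Yubikey has no clock, so if the machine driving it is more than a step or two off from the SSH host, the codes will disagree even though both sides share the same secret.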