Has anyone succesfully used a Yubikey in FreeBSD's sshd?

[frijsdijk]

Hi,

We've bought two USB YubiKey sticks to see if it could work in FreeBSD.

I've taken http://mjslabs.com/yubihow.htmlas a reference. But it doesn't work. It all seems to work, but when the SSH prompt on the client asks for the YubiKey OTP, we touch the YubiKey, it sends the OTP, and then... nothing. No additional logging from sshd - nothing. It just sits there. When we give a wrong OTP (RAM keyboard), it says 'wrong password' and asks for an OTP again (so something seems to work), but when a correct OTP is provided, nothing happens.

I'm trying this in FreeBSD 9.2-RELEASE.

Is anyone using this YubiKey in recent versions of FreeBSD?

 

[T-Daemon]

You can contact the author of the Howto with the problem, since he is willing to give support. Refer to Update 10/2013:
Before doing please make sure you have checked the setup repeatedly for mistakes.

 

[mix_room]

I used it for a while, but never really got it to work as I wanted, so I gave up.
See the following thread: viewtopic.php?f=43&t=33576

For me the biggest issue was the fact that I couldn't run my own server. I didn't want to have to rely on external servers for my authentication process.

 

[frijsdijk]

Yes, I have had contact with the port maintainer.. and there is an issue that prevents it from working in 9.2-RELEASE. Not sure exactly what it is, but the default options of CURL need to be changed (so you can't use pkg_add -r or pkg install when using repo's from FreeBSD). Choose CARES in stead of THREADED_RESOLVER !

─── DNS resolving options ──
(*) CARES              Asynchronous DNS resolution via c-ares
( ) THREADED_RESOLVER  Threaded DNS resolver

 

[uchman]

Hi,

We've bought two USB YubiKey sticks to see if it could work in FreeBSD.

I've taken http://mjslabs.com/yubihow.htmlas a reference. But it doesn't work. It all seems to work, but when the SSH prompt on the client asks for the YubiKey OTP, we touch the YubiKey, it sends the OTP, and then... nothing. No additional logging from sshd - nothing. It just sits there. When we give a wrong OTP (RAM keyboard), it says 'wrong password' and asks for an OTP again (so something seems to work), but when a correct OTP is provided, nothing happens.

I'm trying this in FreeBSD 9.2-RELEASE.

Is anyone using this YubiKey in recent versions of FreeBSD?

Yes, please have a look at https://framkant.org/2015/11/using-smart-card-enabled-yubikey-for-ssh-authentication-in-freebsd/

 

[ShelLuser]

Yes, please have a look at https://framkant.org/2015/11/using-smart-card-enabled-yubikey-for-ssh-authentication-in-freebsd/

This is just my opinion but was there really any need to revive a 4 year old thread just to share a blog post? Not too sure myself. Also because it seems that you tried to revive all of the (old) threads which covered this. Quite a lot has changed in the mean time.