How to configure Yubikey two factor authentication in ssh ?
- How to enable/disable Yubikey 2FA (Two-factor Authentication) in Ezeelogin?
Synopsis: This article provides a comprehensive guide on configuring and managing Yubikey two-factor authentication (2FA) for SSH jump host.
Do refer to the YouTube video to Configure Yubikey two-factor authentication in ssh jump host.
Step 1: Enable Yubikey 2FA in the Ezeelogin Web Interface with an admin privileged User.
- Login into Ezeelogin web GUI as an Admin user.
- Navigate to Settings -> General -> Two FactorAuthentication.
- Enable Yubikey by clicking on "Get Yubico API Key" to obtain the Client and Secret for Yubikey.
Step 2: Set Up Yubikey for User Authentication
- Navigate to Account > Password > New Yubikey and follow the prompts to complete the setup for each user.
Step 3: Usage in Web Interface
- Log in to the Ezeelogin web interface using the Yubikey 2FA method.
- The last successful 2FA method used in the web interface will automatically be applied to the backend SSH or ezsh shell.
Step to Disable Yubikey 2FA from the GUI.
- Navigate to Settings > General > Two-factor Authentication and disable Yubikey.
- Yubikey outbound URL's to be whitelisted
- Following are the Yubikey outbound URLs to be whitelisted in the firewall.
1. 'https://api.yubico.com/wsapi/2.0/verify'
2. 'https://api2.yubico.com/wsapi/2.0/verify'
3. 'https://api3.yubico.com/wsapi/2.0/verify'
4. 'https://api4.yubico.com/wsapi/2.0/verify'
5. 'https://api5.yubico.com/wsapi/2.0/verify'
- Yubikey Library requires access to the above URLs. Also, do check out the article for the list of YubiKey API servers that the YubiKey client would utilizehttps://developers.yubico.com/yubikey-val/Getting_Started_Writing_Clients.html
Related Articles: