YubiKey is a small USB token that generates one-time passwords (OTP). The token can be used to enable two-factor authentication to SecurityOnion.
- Something you know: password
- Something you have: YubiKey
I used the documentation from Yubikey as a reference.
Link to their documentation
https://developers.yubico.com/yubico-pam/Yubikey_and_SSH_via_PAM.html
Prereqs
1. Ensure that the GCC compiler is installed. It should already be installed if you are using the SecurityOnion ISO.
Install the PAM module for YubiKey
sudo add-apt-repository ppa:yubico/stable
sudo apt-get install libpam-yubico
Configuration for YubiKey Token
Each user is mapped to one or more YubiKey token IDs with a line of the form:
<user name>:<yubikey token ID>:<yubikey token ID>: ….
A user name can be associated with multiple YubiKeys.
The YubiKey token ID is the first 12 characters of the string the YubiKey types when tapped. Open Notepad, tap the YubiKey, and the string appears on the screen. You can also visit the YubiKey demo website.
https://demo.yubico.com/
Generate the mapping file. The file can be located anywhere.
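Recommended mapping file location: ~/.yubico/authorized_yubikeys
Go to the home directory, create the .yubico directory and open the mapping file:
$ cd ~
$ mkdir .yubico
$ cd .yubico
$ vim authorized_yubikeys
Append the mapping line for your user to the file and save it.
Then add the following line to the PAM configuration for sshd (normally /etc/pam.d/sshd) so that pam_yubico uses the mapping file. pam_yubico does not expand ~, so replace it with the absolute path of the mapping file:
auth required pam_yubico.so id=16 debug authfile=~/.yubico/authorized_yubikeys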
pam_unix.so configuration
Append the try_first_pass parameter to the pam_unix.so line in /etc/pam.d/common-auth:
sudo vim /etc/pam.d/common-auth
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
Edit the sshd configuration file to disable challenge-response passwords.
This should already be disabled by default if installed through the SecurityOnion ISO.
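To check the mapping file before relying on it for logins, the shell functions below extract the 12-character token ID from a tapped OTP and lint a mapping file in the format described above. This is an added example, not part of the original guide or the Yubico documentation; it assumes the standard 44-character modhex OTP, and the user name alice and the sample OTP are constructed.

```shell
#!/bin/sh
# Added example. Assumes the standard 44-character Yubico OTP in modhex,
# whose first 12 characters are the token ID used in the mapping file.

# Succeed if $1 is exactly $2 modhex characters (alphabet: cbdefghijklnrtuv).
is_modhex() {
    [ "${#1}" -eq "$2" ] || return 1
    case $1 in *[!cbdefghijklnrtuv]*) return 1 ;; esac
}

# Print the token ID for an OTP captured by tapping the key; fail on bad input.
token_id_from_otp() {
    is_modhex "$1" 44 || return 1
    printf '%s\n' "$1" | cut -c1-12
}

# Check a mapping file of <user name>:<token ID>[:<token ID>...] lines.
# Prints one message per problem and returns non-zero if any was found.
lint_mapping_file() {
    file=$1; bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        case $line in
            ?*:?*) ;;
            *) echo "line $n: expected <user name>:<token ID>"; bad=1; continue ;;
        esac
        rest=${line#*:}
        # Walk the colon-separated token IDs; a full OTP pasted here is rejected.
        while [ -n "$rest" ]; do
            id=${rest%%:*}
            case $rest in *:*) rest=${rest#*:} ;; *) rest= ;; esac
            is_modhex "$id" 12 || { echo "line $n: bad token ID '$id'"; bad=1; }
        done
    done < "$file"
    return "$bad"
}

# Constructed sample OTP (not from a real key): token ID + 32 modhex characters.
PAD=cccccccc
SAMPLE_OTP="vvccccfjhdtr$PAD$PAD$PAD$PAD"
# Print the mapping line for the hypothetical user alice.
echo "alice:$(token_id_from_otp "$SAMPLE_OTP")"
```

Run `lint_mapping_file` against the path given in authfile; a line holding a whole 44-character OTP instead of the 12-character token ID is reported as a bad token ID.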