Termius Documentation
Home
Download
Log In
Sign Up
Welcome to Termius
Installation
Protocols
SSH / Mosh / Telnet
Termius Handbook
Premium Features
Quick Connect
Terminal
Hosts
Groups
Tags
History
Keychain
SFTP
Port Forwarding
Snippets
Known Hosts
Synchronization
Customization
YubiKey Support
Account Management
Account & Subscription
Manage Team
Billing
Termius CLI
Installation
Import from SecureCRT
Import from Text / CSV
FAQ
Termius and 3rd-Party Apps
Premium Subscription
Miscellaneous
Troubleshooting
Changelog
iOS
Android
Desktop
Still need help?
Contact Support
Powered by GitBook
Have an account? Sign in

YubiKey Support

Last updated 2 months ago

YubiKey Server Authentication Setup

To set up a server for YubiKey authentication (in case of Ubuntu):

1. Run to set up required packets:

sudo add-apt-repository ppa:yubico/stable
sudo apt-get update
sudo apt-get install libpam-yubico

2. Open /etc/passwd and add to the end of it

<username>:<YubiKey token ID>:<YubiKey token ID>: …

where username is the name of user who is going to authorize with YubiKey, and YubiKey token ID is a user’s YubiKey token identification, e.g.:

pam_user:cccccchvjdse

3. Create a mapping file, e.g. /var/yubico_passwd

The file should contain a single record:

<user name>:<YubiKey token ID>:<YubiKey token ID>: …

4. Open /etc/pam.d/sshd and add to the very beginning

auth required pam_yubico.so id=CLIENT_ID debug authfile=pathToMappingFile

You can get the CLIENT_ID parameter value at https://upgrade.yubico.com/getapikey; pathToMappingFile is the path to the mapping file (/var/yubico_passwd)

5. Open /etc/ssh/sshd_config and set the following parameters:

PubkeyAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePAM yes

6. Then restart the server with the ssh command:

sudo service ssh restart

Now, the user will be asked for the YubiKey code when authorizing.

System Requirements

iOS
Android
Desktop

  • iPhone 7 or later,

  • iOS 11 or later,

  • NFC supported devices

Lightning & USB support is on the roadmap.

  • NFC/USB supported devices

  • Android version 5 and above

Works via USB.

YubiKey is used as an additional keyboard.

Authorizing with YubiKey

iOS
Android
Desktop

  1. Set up a host for connecting to the YubiKey server.

  2. Connect. You will be asked for a YubiKey code.

  3. Tap Use a YubiKey. You will be asked to take your YubiKey closer to the NFC module.

  4. Take the YubiKey closer to the NFC module to transmit the code. The code will be received from the YubiKey by the NFC, after which Termius will connect to the server.

  1. Set up a host for connecting to the YubiKey server.

  2. Connect. You will be asked for a YubiKey code.

  3. Take the YubiKey closer to the NFC module to transmit the code (for which you need Android 5 or later). The code will be received from the YubiKey by the NFC, after which Termius will connect to the server.

If YubiKey or your smartphone does not support NFC, you can use USB. Connect the YubiKey to the smartphone and press the button on the YubiKey. The YubiKey code will appear in the input field.

  1. Set up a host for connecting to the YubiKey server.

  2. Connect. You will be asked for a YubiKey code.

  3. Connect the YubiKey to the computer and press the button on the YubiKey. The YubiKey code will appear in the input field, after which Termius will connect to the server.

Termius Handbook - Previous
Customization
Next - Account Management
Account & Subscription
Contents
YubiKey Server Authentication SetupSystem RequirementsAuthorizing with YubiKey