YubiKey Support
In this section, you'll find how to set up a server for YubiKey authentication.
1. Install the required packages:
Ubuntu:
sudo add-apt-repository ppa:yubico/stable
sudo apt-get update
sudo apt-get install libpam-yubico
Fedora, EPEL:
sudo yum install pam_yubico
CentOS:
sudo yum install epel-release
sudo yum install pam_yubico
2. Open /etc/passwd and add the following line to the end of it:
<username>:<YubiKey token ID>
where username is the name of the user who is going to authenticate with the YubiKey, and YubiKey token ID is the user's YubiKey token identifier, e.g.:
pam_user:cccccchvjdse
If a user has several YubiKey tokens, add the token IDs of the other devices separated with :, e.g. with 3 YubiKey tokens:
pam_user:cccccchvjdse:cccccchvtbdr:ccccccundggr
3. Create a mapping file, e.g. /var/yubico_passwd
The file should contain a single record:
<user name>:<YubiKey token ID>
If a user has several YubiKey tokens, add the token IDs of the other devices separated with :, e.g. with 3 YubiKey tokens:
pam_user:cccccchvjdse:cccccchvtbdr:ccccccundggr
4. Open /etc/pam.d/sshd and add the following line at the very beginning:
auth required pam_yubico.so id=CLIENT_ID debug authfile=pathToMappingFile
You can get the CLIENT_ID parameter value at https://upgrade.yubico.com/getapikey; pathToMappingFile is the path to the mapping file (/var/yubico_passwd).
5. Open /etc/ssh/sshd_config and set the following parameters:
PubkeyAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePAM yes
6. Then restart the SSH server with the command:
sudo service ssh restart
Now, the user will be asked for the YubiKey code when authenticating.
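A check for the mapping file from step 3, added here as an example (it is not Termius or Yubico code). It assumes 12-character modhex token IDs, the pam_yubico default; the function names and sample values are constructed.

```sh
#!/bin/sh
# Added example: audit a pam_yubico mapping file (user:tokenID[:tokenID...]).
# Assumption: token IDs are 12 modhex characters (pam_yubico default
# token_id_length); function names and sample values are constructed.

# Token ID of a 44-character OTP: the OTP without its last 32 characters.
otp_token_id() {
    case $1 in ''|*[!cbdefghijklnrtuv]*) return 1 ;; esac
    [ "${#1}" -eq 44 ] || return 1
    printf '%.12s\n' "$1"
}

# Constructed sample: line 2 has a non-modhex ID, line 3 reuses a token of alice.
sample_authfile() {
    printf '%s\n' 'alice:ccccccbdefgh:ccccccijklnr' \
                  'bob:ccccccbdefgx' \
                  'carol:ccccccijklnr'
}

# Print one finding per problem; return non-zero if anything was found.
check_authfile() {
    _rc=0
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    # Anyone who can write this file can enrol their own key for any account.
    if [ -n "$(find "$1" -prune -perm -002)" ]; then
        echo "$1 is world-writable"; _rc=1
    fi
    awk -F: '
        /^[ \t]*(#|$)/ { next }    # skip blank lines and # comments
        NF < 2 || $1 == "" { printf "line %d: expected user:tokenID\n", NR; bad = 1; next }
        {
            for (i = 2; i <= NF; i++) {
                if (length($i) != 12 || $i !~ /^[cbdefghijklnrtuv]+$/) {
                    printf "line %d: %s: invalid token ID %s\n", NR, $1, $i; bad = 1
                } else if (($i in owner) && owner[$i] != $1) {
                    # one token enrolled for two accounts: flag for review
                    printf "line %d: token %s already mapped to %s\n", NR, $i, owner[$i]; bad = 1
                } else owner[$i] = $1
            }
        }
        END { exit bad + 0 }
    ' "$1" || _rc=1
    return "$_rc"
}

# Usage: sh check_yubico_authfile.sh /var/yubico_passwd
if [ $# -gt 0 ]; then check_authfile "$1"; fi
```

Run it against the mapping file before restarting sshd; `otp_token_id` gives the value to put in the file from one OTP emitted by the key.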

System Requirements

iOS
  • iPhone 7 or later,
  • iOS 11 or later,
  • NFC supported devices
👉 Lightning & USB support is on the roadmap.
Android
  • NFC/USB supported devices
  • Android version 5 and above
Desktop
Works via USB.
YubiKey is used as an additional keyboard.

Authorize with YubiKey

iOS
  1. Set up a host for connecting to the YubiKey server.
  2. Connect. You will be asked for a YubiKey code.
  3. Tap Use a YubiKey. You'll be asked to bring the YubiKey closer to the NFC module.
  4. Bring the YubiKey closer to the NFC module to transmit the code. The code will be received from the YubiKey over NFC, after which Termius will connect to the server.
Android
  1. Set up a host for connecting to the YubiKey server.
  2. Connect. You will be asked for a YubiKey code.
  3. Bring the YubiKey closer to the NFC module to transmit the code (for which you need Android 5 or later). The code will be received from the YubiKey over NFC, after which Termius will connect to the server.
If the YubiKey or your smartphone does not support NFC, you can use USB. Connect the YubiKey to the smartphone and press the button on the YubiKey. The YubiKey code will appear in the input field.
Desktop
  1. Set up a host for connecting to the YubiKey server.
  2. Connect. You will be asked for a YubiKey code.
  3. Connect the YubiKey to the computer and press the button on the YubiKey. The YubiKey code will appear in the input field, after which Termius will connect to the server.
Last modified 5mo ago