![]() ![]() HMAC key, 20 bytes (40 characters hex) : Ĭonfiguration data to be written to key configuration 1: Then you paste the output in the prompt: $ ykpersonalize -1 -o oath-hotp -o append-cr -aįirmware version 3.4.3 Touch level 1541 Program sequence 2 To use the program, simply call it with: head -1. Note that the code assumes a certain token length and will not workĬorrectly for other sizes. Remainder = len (data_b32 ) % 8 if remainder > 0 : # assume 6 chars are missing, the actual padding may vary: # ĭata_b16 = base64. Oath-convert which basically does this: read base32 ( base16 AKA "hexadecimal", with a fixed 20 bytes length). Google-authenticator command is not compatible with the tokenĮxpected by the ykpersonalize command used to configure the Yubikey Unfortunately, the encoding ( base32) produced by the Converting to a Yubikey-compatible secret Using the codes on my phone, but you would obviously keep it if you I disable the QR code display because I won't be Those are actually the defaults, if my memory serves me right, exceptįor the -qr-mode and -emergency-codes (which can't be disabled I prefer to just call the right ones on the commandline directly: google-authenticator -counter-based -qr-mode=NONE -rate-limit=1 -rate-time=30 -emergency-codes=1 -window-size=3 This will prompt you for a bunch of questions. To create a new key, run this command on the server: google-authenticator -c Then reload ssh (not sure that's actually necessary): service ssh reload To renew the token all the time and have more information about ![]() I also used no_increment_hotp debug while debugging to avoid having Only use it for SSH, I added this line on top of /etc/pam.d/sshd: auth required pam_google_authenticator.so nullok Then you need to add the module in your PAM stack somewhere. Source package: apt install libpam-google-authenticator On Debian, the PAM module is shipped in the google-authenticator Converting to a Yubikey-compatible secret.
0 Comments
Leave a Reply. |