...

  • These docs are not the only way to accomplish the goal, nor are YubiKeys the only way to accomplish password-less authentication; however, the further you deviate from these docs, the less knowledge ITS has to assist you.
  • The OS requires a lock on the YubiKey. If using multiple computers, even if a computer is virtual, multiple devices will be needed – one device per instance of the OS.
    • A YubiKey can be passed through RDP session(s) (Windows only)
  • Each device will have a different certificate. A certificate can, however, be used for access to both Linux and Windows servers.
  • Expert mode: While a YubiKey (i.e. a Yubico device) is not required, the docs and process assume a YubiKey is being used. Any device that can securely generate and store keys in a way that can be cryptographically verified will work.


Process Overview

I. Initialize/Configure YubiKey
II. Determine which certificate to use
III. Submit certificate for verification
IV. Configure clients to use certificates
V. Next steps

I. Initialize/Configure YubiKey

I. YubiKey New Setup/Initialization/Re-initialization

...

If you plan to use your YubiKey to log in to Windows workstations or Windows servers via RDP (from a Windows workstation), you need a Windows CA-issued certificate. Otherwise, a self-signed certificate is sufficient.

...

Windows CA-issued Certificate

II. YubiKey Smartcard Setup via Windows CA-issued Certificate (YubiKey Manager)

...

Self-Signed Certificate

II. YubiKey Smartcard Setup via Self-Signed Certificate (YubiKey Manager)

...

YubiKey Attestation and Submission

III. YubiKey Attestation

IV. Configure clients to use certificates

Windows: IV. YubiKey Windows SSH Client Configuration


Mac: IV. YubiKey Mac SSH Client Configuration


Linux: IV. YubiKey Linux SSH Client Configuration

...