...
- These docs are not the only way to accomplish the goal, nor are YubiKeys the only way to accomplish password-less authentication; however, the further you deviate from these docs, the less knowledge ITS has to assist you.
- The OS requires a lock on the YubiKey. If using multiple computers, even if a computer is virtual, multiple devices will be needed – one device per instance of the OS.
- A YubiKey can be passed through RDP session(s) (Windows only).
- Each device will have a different certificate. A certificate can, however, be used for access to both Linux and Windows servers.
- Expert mode: While a YubiKey (i.e. a Yubico device) is not required, the docs and process assume a YubiKey is being used. Any device that can securely generate and store keys in a way that can be cryptographically verified will work.
Process Overview
I. Initialize/Configure YubiKey
II. Certificate Enrollment
III. Submit certificate for verification
IV. Configure clients to use certificates
V. Next steps
I. Initialize/Configure YubiKey
...
II. Certificate Enrollment
...
III. Submit certificate for verification
...
IV. Configure clients to use certificates
Windows: IV. YubiKey Windows SSH Client Configuration
Mac: IV. YubiKey Mac SSH Client Configuration
Linux: IV. YubiKey Linux SSH Client Configuration
...
V. Next steps
YubiKey Duo Setup - start.rit.edu/Duo
...