What are the pros and cons? Is it any better than having just Key-Based Auth? Can it be installed together with Key-Based Auth? Thanks!
you can program the slots of the yubikey to generate strings with your own way, I don't know how exactly thoughOther problem with Yubikey is that they essentially have access to your token, which makes your security somewhat weaker if you don't trust them/their security.
It doesn't? Like I said, I haven't even read their docs yet (I've been way too busy since Google I/O), I was just referring to two-factor authentication in general... but, they have to be. If they are using the key only that's only fulfilling one requirement of two and surely someone would have called Google out on that fact by now...Google Authenticator can be used with a VPS. I use it on a few of mine.
It doesn't use your Google account for login. Like walesmd said above, it's a pseudo random number generated from a unique hash.
Google provide a PAM module that can be quite easily implemented. There's a good howto here: http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/
Each yubikey slot is a 128 bit aes key, which it then uses to generate OTPs, etc.you can program the slots of the yubikey to generate strings with your own way, I don't know how exactly though
I think I have a draft saved that I was about to publish.... Can't remember why it's still a draft. Must be something that isn't working as it should.<hint>Would be cool if a member posted a tutorial on how to get started with this</hint>
I must have deleted my draft, see if I an get it baxk from a backup and post it after setting it up and tested it.I think I have a draft saved that I was about to publish.... Can't remember why it's still a draft. Must be something that isn't working as it should.
I can try and go over the steps again this week and post an update.
Perhaps hou should take a look at phonefactor?We implemented 2FA for our WHMCS login. Since i'm the only one of our team that doesn't carry a smartphone, I use a yubikey, while everyone else uses OTP from GAuthenticator.
I find it extremely difficult to remember to carry my yubikey. There have been times I get to the office and realize that my yubikey is at home. I'm seriously considering carrying my tablet with me everywhere instead.