[Gllug] Does the YubiKey USB security token actually work in Linux?

general_email at technicalbloke.com general_email at technicalbloke.com
Fri Jun 24 12:06:53 UTC 2011


On 24/06/11 12:22, Robert McKay wrote:
> On Fri, Jun 24, 2011 at 10:25 AM, Richard W.M. Jones <rich at annexia.org>wrote:
>
>> On Thu, Jun 23, 2011 at 11:54:42PM +0100, Progga wrote:
>>> the manufacturer Yubico is claiming [4] that "The YubiKeys are also used
>>> by Fedora’s core team members for securing access to high security
>>> hosts.".  Now my question is, does any one have any experience with
>>> these on a Linux machine?
>> Yes.  I can access my Fedora account using a Yubikey, from any machine
>> (Linux or otherwise) that has a USB port.
>>
>> It doesn't require "Linux support" as such.  The Yubikey acts as a USB
>> keyboard and sends key strokes for the OTP when you press the button.
>>
> Isn't it rather inconvenient having to connect it to a usb port every time
> you want to log in? Do you have to disconnect the existing keyboard as well?
> Or do all keyboards just automatically get used at once?
>
> Rob
>

They all work together so there's no need to disconnect anything, unless
you're out of ports. I leave 2 of these (permanently connected to my
monitor with USB extension leads) in static password mode for my main
machine and backup machine so I never have to type my 32 character admin
passwords. Obviously that's not that good an idea in an office
environment but if physical security isn't an issue it's a huge
timesaver. Also, naturally, the static password mode leaves you
vulnerable to keylogging but that's what the OTP mode is for.

The only physical problem I've had with them is that sometimes they
enter the password too fast for machines under heavy loads and a few
characters are skipped, you can reduce the speed of input with the
"personalization tool" though, happily available for Win32, MacOSX and
Linux.

Roger












>
> --
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20110624/b7296ca2/attachment.html>
-------------- next part --------------
--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list