Notes sur la configuration d’une clef yubikey pour l’authentification sous smartos.
pkgin install ykclient-2.12 libyubikey-1.12
pkgin install libtool-2.4.2nb2
pkgin install pkg-config-0.28
pkgin install asciidoc-8.6.9nb2
git clone https://github.com/Yubico/yubico-pam.git yubico-pam
git checkout 2.17
cd yubico-pam/
autoreconf --install
./configure --prefix=/opt/local/ --without-ldap --without-cr
make install
/etc/pam.conf
sshd auth requisite /opt/local/lib/security/pam_yubico.so authfile=/etc/yubikey_mappings id=21245 key=27UsY1NnI9NIi/Ywt3xbkZcBBzE=
#sshd auth requisite pam_authtok_get.so.1
#sshd auth required pam_dhkeys.so.1
#sshd auth required pam_unix_cred.so.1
#sshd auth required pam_unix_auth.so.1
svcadm disable ssh
pkgin install openssh-6.6.1nb3
cd /opt/local/etc/ssh
ssh-keygen -b 8192 -t rsa -f ssh_host_rsa_key -N ""
sshd_config
HostKey /opt/local/etc/ssh/ssh_host_rsa_key
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
PrintMotd no
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
svcadm enable openssh svcadm restart openssh
svcs -L openssh tail -f $(svcs -L openssh)