Yubikey support

I would to see yubikey supported as one of the ways to 2-factor auth.

See https://developers.yubico.com/

Status: 
Active

Comments

Are you referring specifically to YubiKey's cloud authentication service YubiCloud?

We could support that, but it would take some development work (similar to what was done for authy).

Doesn't Yubikey also support TOTP, which is already implemented in Webmin (and doesn't require dependency on an external service) ?

Yes Yubikey does use OTP if you can make that work that would be really cool.

Webmin already has support for the TOPT protocol for two-factor authentication, so if Yubikey supports that they it should work with no further changes on our side.

Each yubikey has to register first then you can use it for webmin logins. So you need to add code that will access yubicon's api to do this.

I'll look into this some more - on the Yubikey site it says TOTP is supported, but with some additional software.

Any news on this ?? I would love to get away from google auth soon.

@ JamieCameron Yubico made libs available. u2f protocol is more and more accepted (due use of facebook and google and many more) For me it would be also a great advantage to secure my web/virtualmins with yubikeys.

The T of Totp is indeed created by additional software. the yubikey has no battery or clock, so it can't create totp itself. Other mechanism yubikey does is challange/response, certificates, u2f, pgp, programmable passwordresponse (quite a nice little versitile device)

For your convience I added some links to dev pages: https://developers.yubico.com/OTP/ https://developers.yubico.com/yubico-perl-client/

If you are willing to give a bit guidance in howto implement these perl modules within webmin so we can pass authentication, I'm willing to help testing/poc drive.

Regards,

Thanks, I'll take a look at those APIs.