From d1ab4539e4d1d3115befbaad08220d94541a3aee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Henrik=20Str=C3=A5th?= Date: Thu, 30 Oct 2014 11:14:55 +0100 Subject: [PATCH] Fixed adoc error --- doc/Yubikey_and_SSH_via_PAM.adoc | 38 ++++++++++++++++---------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/doc/Yubikey_and_SSH_via_PAM.adoc b/doc/Yubikey_and_SSH_via_PAM.adoc index 1f24b69..817751c 100644 --- a/doc/Yubikey_and_SSH_via_PAM.adoc +++ b/doc/Yubikey_and_SSH_via_PAM.adoc @@ -1,4 +1,4 @@ -=== Introduction === +== Introduction == The purpose of this document is to guide readers through the configuration steps to use two factor authentication for SSH using Yubikey. This document @@ -6,7 +6,7 @@ assumes that the reader has advanced knowledge and experience in Linux system administration, particularly for how PAM authentication mechanism is configured on a Linux platform. -=== Prerequisites === +== Prerequisites == Successful configuration of the Yubico PAM module to support two factor authentication requires following prerequisites: @@ -22,7 +22,7 @@ Version 1.5 or later https://developers.yubico.com/yubico-pam[Yubico PAM Module]:: Version 1.7 or later -=== System Requirements === +== System Requirements == This document illustrates the configuration steps for Fedora Core 8 operating system. However, there steps should work on most other Linux @@ -37,20 +37,20 @@ for the user and the One-Time Password (OTP) generated by Yubikey assigned to the user. -=== Build yubico-c-client and pam_yubico === +== Build yubico-c-client and pam_yubico == Build instructions for yubico-c-client and pam_yubico are found in their respective README. -=== Configuration === +== Configuration == -==== Configuration for user and YubiKey token ID mapping ==== +=== Configuration for user and YubiKey token ID mapping === There are two ways of user and YubiKey token ID mapping. It can be either done at administrative level or at individual user level. -===== Administrative Level ===== +==== Administrative Level ==== In Administrative level, system administrators hold right to configure the user and yubikey token ID mapping. Administrators can achieve this by creating @@ -83,7 +83,7 @@ kurt:ertbhunjimko The mapping file must be created/updated manually before configuration of Yubico PAM module for SSH authentication. -====== Configuration of modified pam_yubico.so module at administrative level ====== +===== Configuration of modified pam_yubico.so module at administrative level ===== Append the following line to the beginning of the `/etc/pam.d/sshd` file: @@ -104,7 +104,7 @@ successful verification of OTP Yubico PAM module from the Yubico authentication server, a success code is returned. -===== User Level ===== +==== User Level ==== In User level, individual users have the ability to configure yubikey token ID assigned to them. Users can achieve this by creating a new file @@ -129,7 +129,7 @@ be placed inside user's home directory before configuration of Yubico PAM module for SSH authentication. -====== Configuration of modified pam_yubico.so module at user level ====== +===== Configuration of modified pam_yubico.so module at user level ===== Append the following line to the beginning of the `/etc/pam.d/sshd` file: @@ -146,7 +146,7 @@ successful verification of OTP Yubico PAM module from the Yubico authentication server, a success code is returned. -==== pam_unix.so configuration ==== +=== pam_unix.so configuration === Append _try_first_pass_ parameter to the _pam_unix.so_ module to authenticate the user with password passed from the preceding auth module. @@ -155,16 +155,16 @@ The _pam_unix.so_ module used for authentication is generally located into `/etc/pam.d/system-auth` for RedHat based Linux system and into `/etc/pam.d/common-auth` for Debian based Linux systems. -==== SSH configuration ==== +=== SSH configuration === Edit the sshd configuration file `/etc/ssh/sshd_config`_ to disable challenge- response passwords. Change `challenge-response passwords yes` to `challenge-response passwords no`. -=== Test Setup === +== Test Setup == -==== Fedora 8 ==== +=== Fedora 8 === Test setup for fedora 8 environment is as follows: @@ -173,7 +173,7 @@ Kernel Version:: Kernel version 2.6.23.1-42.fc8 OpenSSH Version:: openssh-4.7p1-2.fc8 Yubico PAM Version:: pam_yubico-1.7 -==== Fedora 6 ==== +=== Fedora 6 === Test setup for fedora 6 environment is as follows: @@ -183,12 +183,12 @@ OpenSSH Version:: openssh-4.3p2-10 Yubico PAM Version:: pam_yubico-1.7 -==== PAM configuration ==== +=== PAM configuration === PAM configuration files in our testing environment are as follows: -===== /etc/pam.d/sshd ===== +==== /etc/pam.d/sshd ==== ------- auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug auth include system-auth @@ -201,7 +201,7 @@ session required pam_loginuid.so ------- -===== /etc/yubikeyid ===== +==== /etc/yubikeyid ==== ------- root:indvnvlcbdre:ldvglinuddek @@ -218,7 +218,7 @@ Please change PAM configuration settings for SSH as shown above and test the configuration. -=== Testing the Configuration === +== Testing the Configuration == We assume that you have 'root' and 'test' user configured to access SSH on your test environment with password 'secret' and 'pencil' respectively.