Setting Up YubiKey on Ubuntu Server with SSH

Summary

Introduction to YubiKey and Its Benefits

YubiKey is a small USB and NFC device that provides hardware-based authentication, offering enhanced security through two-factor authentication (2FA) and passwordless login. Using YubiKey with SSH on an Ubuntu server significantly improves security by requiring a physical token for authentication, reducing risks associated with password-based logins.

Prerequisites

  • Ubuntu server with SSH access
  • Administrative privileges on the server
  • YubiKey device (YubiKey 4, 5, or YubiKey Neo)
  • Local machine with YubiKey Manager software installed

Installing Required Software

On Ubuntu Server:
sudo apt update
sudo apt install libpam-yubico
On Local Machine:
sudo apt install yubikey-manager

Configuring YubiKey for SSH Authentication

  1. Insert YubiKey into your computer
  2. Open YubiKey Manager application
  3. Go to Applications tab and select FIDO2
  4. Ensure FIDO2 functionality is enabled
  5. Configure PIN and touch policy as desired

Setting Up SSH Keys with YubiKey

  1. Generate a new SSH key pair: 
    ssh-keygen -t ed25519-sk -C "your_email@example.com"
  2. Insert YubiKey and enter PIN when prompted
  3. Copy public key to Ubuntu server: 
    ssh-copy-id username@server_ip

Modifying SSH Configuration

Edit the SSH configuration on the Ubuntu server:

sudo nano /etc/ssh/sshd_config

Modify these lines:

PubkeyAuthentication yes
AuthenticationMethods publickey

Restart SSH service:

sudo systemctl restart sshd

Testing SSH Authentication with YubiKey

Test the setup by attempting to SSH into your server:

ssh username@server_ip

You should be prompted to insert your YubiKey and provide the PIN.

Troubleshooting

  • Ensure YubiKey is properly inserted and recognized
  • Verify SSH public key is correctly added to ~/.ssh/authorized_keys
  • Check SSH configuration for syntax errors
  • Consult system logs for error messages

Importance of Regular System Patching

Regular system patching is crucial for maintaining security and stability. It addresses vulnerabilities and bugs that could be exploited by attackers. Keeping your Ubuntu server up to date minimizes the risk of security breaches and ensures smooth system operation.

Simplifying Patch Management with LinuxPatch.com

LinuxPatch.com is a comprehensive patch management platform for Linux servers, offering:

  • Automated patch deployment
  • Centralized management
  • Compliance reporting
  • Scheduling and notifications

Use Cases for LinuxPatch.com

LinuxPatch.com automates patch management for enterprises with hundreds of servers, reducing workload and maintaining a robust security posture.

For industries with strict compliance regulations, LinuxPatch.com provides tools for adhering to security standards and generating compliance reports.

LinuxPatch.com offers a cost-effective solution for educational institutions with limited IT resources, ensuring secure infrastructure while focusing on education delivery.

Conclusion: The Road to Enhanced Security and Efficiency

Setting up YubiKey for SSH authentication on your Ubuntu server significantly enhances security. Combining this with LinuxPatch.com for automated patch management ensures your systems remain secure and up-to-date, allowing you to focus on critical tasks while maintaining a strong security posture.

Visit LinuxPatch.com for More Information