Does a known security issue allow ssh login via system accounts?
Stuart Henderson
stu at spacehopper.org
Tue Mar 8 05:02:40 AEDT 2022
On 2022/03/07 17:54, Brian Candler wrote:
> On 07/03/2022 17:40, Philipp Marek wrote:
> > > That's a nice thing about pam_yubico with real Yubikeys: they can be validated against the Yubico cloud API, without any local secrets.
> > Just to make sure I understand you correctly - a cloud service determines whether some access to your server is to be granted?
>
> Yes: a cloud service run by security experts, almost certainly more secure
> and better managed than I could build myself. And in any case, it's a second
> factor on top of private/public keys that I do manage locally.
>
> (They used to provide code for you to host your own validation server - but
> I've just checked and found that's end-of-life)
and written in PHP...
More information about the openssh-unix-dev
mailing list