Does a known security issue allow ssh login via system accounts?
Damien Miller
djm at mindrot.org
Wed Mar 9 12:39:31 AEDT 2022
On Wed, 9 Mar 2022, Blumenthal, Uri - 0553 - MITLL wrote:
> > > I don't understand what you said. Does the cloud service
> >authenticate the user, or does it not???
> >
> > err, missed a word - it does not
>
> In that case, what about this.
>
> From https://developers.yubico.com/yubico-pam/, description of the PAM
> module parameters:
>
> mode: Mode of operation. Use "client" for online validation
> with a YubiKey validation service such as the YubiCloud, or use
> "challenge-response" for offline validation using YubiKeys with
> HMAC-SHA-1 Challenge-Response configurations. See the man-page
> ykpamcfg(1) for further details on how to configure offline
> Challenge-Response validation.
I assumed we were talking about the PAM module that apparently created
the situation that started this thread, i.e.
https://github.com/google/google-authenticator-libpam and not the
Yubico one.
-d
More information about the openssh-unix-dev
mailing list