SSH Authentication with a Feitian ePass NFC/FIDO/U2F Security Key Feitian ePass NFC FIDO U2F Security Key can work as a Generic Identity Device Specification (GIDS) smart card. There are also many other manufacturers and card models to which these instructions can be applied, but the specific tools to initialize the card can be different. In this how-to, we will prepare a USB/NFC hardware key for SSH authentication and register the device in WebADM.
Documents in ssh
Authentication with a Nitrokey / PIV In this How-To we will configure a user in WebADM for using a PIV key. We need a WebADM server already configured. 1. Import the Inventory We need to create an inventory file like this: "Type","Reference","Description","DN","Data","Status" "PIV Device","<ID1>","PIV Nitrokey","","PublicKey=<pub_key1>","Valid" "PIV Device","<ID2>","PIV Nitrokey","","PublicKey=<pub_key2>","Valid" "PIV Device","<ID3>","PIV Nitrokey","","PublicKey=<pub_key3>","Valid" For my test, I have a Nitrokey Start with a PIV certificate and I use gpg2 --card-edit for the management of the Nitrokey.
1. Overview Hardening is the process of securing a system by reducing its surface of vulnerability. We will show you how to reduce available ways of attack this includes enabling FIPS mode, changing the default password, encrypting configuration passwords, limiting SSL Protocols and Ciphersuites, replacing Certificates, setting a bootloader password, disable root access with SSH root, securing the MySQL/MariaDB Databases, setting Firewall rules and resetting RCDevs Virtual Appliance root password… Please consider carefully which of these settings are relevant for your use.
How To Install and Configure PAM OpenOTP Plugin to Enable Multifactor Authentication on Linux Machines Simple login flow Push Login flow 1. Background On Unix-like systems, processes such as the OpenSSH daemon need to authenticate the user and learn a few things about him or her (user ID, home directory, …). Authentication is done through a mechanism called Pluggable Authentication Modules, and retrieving information about users (or even groups, hostnames, …) is done through another mechanism, called the Name Service Switch.