YubiCloud integration

awado

Member
Mar 2, 2020
Hi, I wanted to test the YubiKey U2F mechanism with YubiCloud. The manual only mentions that phrase, but I cannot find clear instructions on how to bind to the YubiCloud servers, only the setup for self-hosted key servers. Don't know if the documents at yubico.com changed. They are not a big help here.

In the datacenter's options there is a U2F setting, but I cannot find any information about the two URLs to put in there and how to proceed.
 
I'm finding this tricky too - the documentation doesn't seem to be correct for the current (7.1) version of Proxmox:

https://pve.proxmox.com/wiki/YubiKey#Securing_a_realm_with_Yubico_Two-Factor_Authentication

The instructions do not lead you to a menu that has those options. It looks like the options have been split into two sections.
One of which is the API details (client ID and secret key for yubicloud?) and the rest is in the 2FA section.
Slightly nervous I'll lock myself out of the remote system setting this up, so better, up-to-date instructions would be great.
 
Edit: Apologies, I misread the initial question and thought you wanted Yubico OTP. The forum link below however also details how to set up WebAuthn (U2F is deprecated and expected to stop working in Chrome next year March 2022).

Navigate to https://upgrade.yubico.com/getapikey/ and apply for access to Yubico's public cloud hosted API. You should receive a key ID and password that you then configure.

Nice thing with Yubico OTP is that you can enforce all logins for a domain/realm to use this.

Herewith a sample:
Code:
[admin@kvm1e ~]# cat /etc/pve/domains.cfg
pam: pam
        comment Linux PAM standard authentication
        default 1
        tfa id=78901,key=LBJcfjdOOA/qTs7gJCoM5k,type=yubico

pve: pve
        comment Proxmox VE authentication server

PS: Not a real key or password!


Additional information on the structure of the tfa.cfg file, to register valid Yubico OTP public key portions for users (first 12 characters of a short press OTP uniquely identify each YubiKey):
https://forum.proxmox.com/threads/webauthn-registration-failed.99861/#post-431848

How to set up WebAuthn (no Yubico Cloud API integration required and no need to set up website hosted JSON AppID file):
https://forum.proxmox.com/threads/pve-7-1-u2f-broken-confused-about-webauthn.100095/
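
An added example, not part of the posts above and not Proxmox code: a small audit that parses a domains.cfg like the sample, reports which realms enforce a second factor, and extracts the 12-character public ID from a Yubico OTP. The function names are hypothetical, the OTP is assumed to be the default 44-character modhex form, and the input is the sample from the post.

```python
import re
MODHEX = set("cbdefghijklnrtuv")  # alphabet of Yubico OTP output

def parse_domains_cfg(text):
    """Parse 'type: realm' headers with indented 'key value' properties."""
    realms, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"(\w+):\s*(\S+)", line)
        if header and not raw[:1].isspace():
            current = realms.setdefault(header.group(2), {"type": header.group(1)})
        elif line and current is not None:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return realms

def parse_tfa(value):  # 'id=..,key=..,type=yubico' -> dict
    return dict(p.split("=", 1) for p in value.split(",") if "=" in p)

def audit(text):
    """Return {realm: finding} for each realm's second-factor setting."""
    findings = {}
    for realm, props in parse_domains_cfg(text).items():
        tfa = parse_tfa(props.get("tfa", ""))
        if not tfa:
            findings[realm] = "no tfa enforced"
        elif tfa.get("type") == "yubico" and not (tfa.get("id") and tfa.get("key")):
            findings[realm] = "yubico tfa missing id or key"
        else:
            findings[realm] = f"tfa type={tfa.get('type')}"
    return findings

def otp_public_id(otp):
    """First 12 characters of a 44-character modhex OTP identify the key."""
    otp = otp.strip().lower()
    if len(otp) != 44 or not set(otp) <= MODHEX:
        raise ValueError("not a 44-character modhex Yubico OTP")
    return otp[:12]

# Constructed input: the sample domains.cfg from the post (not a real key).
SAMPLE = """\
pam: pam
\tcomment Linux PAM standard authentication
\tdefault 1
\ttfa id=78901,key=LBJcfjdOOA/qTs7gJCoM5k,type=yubico

pve: pve
\tcomment Proxmox VE authentication server
"""
print(audit(SAMPLE))
```

Running the audit against a copy of the file before changing a realm shows which logins will start requiring an OTP, which helps with the lockout concern raised earlier in the thread.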
 