Yubikey

[speedlnx]

Starting on December 10th, 2018, support for YubiCloud v1 protocol, plain-text requests and old TLS protocols & ciphers will be deprecated.

https://upgrade.yubico.com/getapikey/

https://status.yubico.com/2018/11/2...col-plain-text-requests-and-old-tls-versions/

Anyone know if proxmox ve is yet compliant?

 

[fabian]

The default URL still refers to the HTTP endpoint and needs to be updated (but you can already set a custom one anyway, so no need to wait for an update on that front). Filed https://bugzilla.proxmox.com/show_bug.cgi?id=2023 for easier tracking - feel free to subscribe to get a notification once the default has been changed.

 

[pfoo]

Any update on this ?
Yubico is already rejecting 50% of the requests, and they are gonna reject all of them in 3 weeks.

I forced a custom endpoint, but new/unaware proxmox admins might get locked-out in 3 weeks if they setup TFA

 

[fabian]

thanks for the ping - I forwarded it internally, the bug should get an update sometime next week.

 

[bleomycin]

Any guidance on this? My yubikey functionality seems to be broken now. I'm guessing this is related? I checked the proxmox wiki but it hasn't been updated. Thanks!

 

[anullinger]

Yes it tells "410 Gone" at the /var/log/daemon.log ... definitivly broken by now.

pveversion -v
proxmox-ve: 5.3-1 (running kernel: 4.15.18-11-pve)
pve-manager: 5.3-9 (running version: 5.3-9/ba817b29)
pve-kernel-4.15: 5.3-2
pve-kernel-4.15.18-11-pve: 4.15.18-33
pve-kernel-4.15.18-10-pve: 4.15.18-32
pve-kernel-4.15.18-9-pve: 4.15.18-30
pve-kernel-4.15.18-4-pve: 4.15.18-23
corosync: 2.4.4-pve1
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: 1.2-2
libjs-extjs: 6.0.1-2
libpve-access-control: 5.1-3
libpve-apiclient-perl: 2.0-5
libpve-common-perl: 5.0-46
libpve-guest-common-perl: 2.0-20
libpve-http-server-perl: 2.0-11
libpve-storage-perl: 5.0-38
libqb0: 1.0.3-1~bpo9
lvm2: 2.02.168-pve6
lxc-pve: 3.1.0-3
lxcfs: 3.0.3-pve1
novnc-pve: 1.0.0-2
proxmox-widget-toolkit: 1.0-22
pve-cluster: 5.0-33
pve-container: 2.0-34
pve-docs: 5.3-2
pve-edk2-firmware: 1.20181023-1
pve-firewall: 3.0-17
pve-firmware: 2.0-6
pve-ha-manager: 2.0-6
pve-i18n: 1.0-9
pve-libspice-server1: 0.14.1-2
pve-qemu-kvm: 2.12.1-1
pve-xtermjs: 3.10.1-1
qemu-server: 5.0-46
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3
zfsutils-linux: 0.7.12-pve1~bpo1

 

[fabian]

fixed in git, sorry for the delay.