You can use Yubico OTP as your 2 Factor for SSH. As far as I know you cannot use U2F as a 2 Factor over SSH because it needs support from OpenSSH (or whatever). A patch does exist; however, it is not yet upstream (any information on this welcome).

However, in the absence of U2F, you can still use Yubico OTP (HOTP) or you can use your Yubikey together with your smartphone for TOTP. I think it's a bad idea to use your smartphone as a 2Factor. However, if you combine your smartphone with your Yubikey (download "Yubikey Authenticator") you can use your smartphone simply as a time provider. This has the added benefit that if you lose your phone, you can use any other phone/tablet to do the authentication. Google Authenticator does not support that feature, and Authy Cloud-based solutions are not for everybody.

I use my Yubikey in all 3 different ways. I use Yubikey+Smartphone if I have no other options, Yubikey as U2F where I can (Dropbox, Github, Google) and Yubikey OTP (HOTP) for some services that support that instead of U2F. Additionally, you can use the Yubikey to decrypt your hard drive with HMAC or Static Password.

I really hope OpenSSH (and everybody else) will support U2F soon; it's so much better than bothering with the smartphone and typing stuff into your computer.

> https://github.com/Yubico/pam-u2f/issues/12

> https://bugzilla.mindrot.org/show_bug.cgi?id=2319

https://developers.yubico.com/yubico-pam/