On 2022/03/07 17:54, Brian Candler wrote: > On 07/03/2022 17:40, Philipp Marek wrote: > > > That's a nice thing about pam_yubico with real Yubikeys: they can be validated against the Yubico cloud API, without any local secrets. > > Just to make sure I understand you correctly - a cloud service determines whether some access to your server is to be granted? > > Yes: a cloud service run by security experts, almost certainly more secure > and better managed than I could build myself. And in any case, it's a second > factor on top of private/public keys that I do manage locally. > > (They used to provide code for you to host your own validation server - but > I've just checked and found that's end-of-life) and written in PHP... _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev