The test OpenSSH service described in previous posts which uses Yubikey two-factor authentication seems to work fine, has been running in a very small-scale way since about August 2014, and was in fact developed as part of the more general investigative precursor project Project 279 – Options for two-factor authentication.
However, as mentioned in an earlier post, in order to make our overall site configuration both sensible and consistent, we’d definitely want to integrate the use of Yubikeys into our Cosign-protected websites too. So, having satisfied ourselves that the use of Yubikeys seemed to be viable, we created the project which is the subject of this blog – namely Project 313: Pilot service for Yubikey two-factor authentication – in order to develop a more fully-fledged ‘test’ service.
The previous posts bring this blog more or less up-to-date with the state of the test two-factor OpenSSH service, but by now there has also now been progress with Cosign integration.
In the New Year, I’ll post more information about the new project and, in particular, progress with integrating Yubikey use into Cosign.