YubiKeyAuth - use of one YubiKey for more than one account

  • Hello,


    I have tried to set up my YubiKey to the Reseller account after I linked it but I got the message that the key is already used for one account.
    I would like to use the YubiKey for several accounts (admin, reseller, domains) in order to have a higher security level for all of them. Perhaps another setting (use key just for one account <-> allow key for several accounts) would be helpful for others too?


    Regards Jörg

    (Ubuntu 16.04, i-MSCP 1.5.1, php-Fpm, Plugins: ClamAV, CronJobs, InstantSSH, LetsEncrypt, Mailgraph, Monitorix, OpenDKIM, PhpSwitcher, PolicydSPF, Postscreen, RecaptchaPMA, RoundcubePlugins, ServerDefaultPage, SpamAssassin, YubiKeyAuth)

  • @UncleJ


    Currently, it is not permitted to associate a YubiKey to more than one i-MSCP account.


    You can always associate your YubiKey with the administrator account and from the administrator account, simply switch to the other interfaces.

    • Associate your YubiKey to your administrator account
    • Login as administrator
    • Switch to reseller interface or customer interface, depending on your needs.

    We cannot allow a user to associate one YubiKey to several i-MSCP accounts because the plugin is also supporting 1FA (YubiKey only) OTP authentication. In such a setup, the YubiKey unique identifier is used by the OTP authentication handler to retrieve the i-MSCP account identity (one YubiKey identifier maps to one identity). If we start to link a YubiKey to several accounts (hence, to more than one identity), there will be ambiguous identity problems.


    I'll allow this in a later version by asking the user for credentials (even if 1FA is enabled) when there is an ambiguous identity.


  • @UncleJ


    Fixed in my local repository. You'll be able to associate one YubiKey to many identities (i-MSCP account) with the next YubiKeyAuth plugin version. CHANGELOG will be as follows:


    Code
    ------------------------------------------------------------------------------------------------------------------------
    Version 1.1.0
    ------------------------------------------------------------------------------------------------------------------------
    Enhancement: It is now possible to associate a YubiKey to more than one identity (i-MSCP account)

    UPDATE.md

    Code
    # Update to version 1.1.0
    ## YubiKey association
    It is now possible to associate a YubiKey to more than one identity (i-MSCP account). Note that if you have enabled the 1FA (YubiKey only) authentication mode, and if your YubiKey is associated to more than one account, you'll also have to provide your credentials. This is needed to resolve ambiguous identity. Indeed, in such a case, the OTP authentication handler cannot rely only on your YubiKey unique identifier to infer the identity.

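The identity lookup discussed in the posts above, as an added Python example that is not part of the thread and is not the plugin's own code: in 1FA mode the key's public ID alone names the account, and credentials are requested only when that ID maps to more than one identity. The account names, link table and function names are hypothetical, the data is constructed, and the OTP is assumed to have already been verified by the validation service.

```python
import hashlib, hmac, re

# Yubico OTP: modhex public ID followed by a 32-character one-time token.
MODHEX_OTP = re.compile(r"^[cbdefghijklnrtuv]{32,64}$")
SALT = b"constructed-salt"  # constructed value, for the sample data only

def pw_hash(password, salt=SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one key linked to two accounts, another key to one.
ACCOUNTS = {"admin": pw_hash("admin-pass"),
            "reseller1": pw_hash("reseller-pass"),
            "customer1": pw_hash("customer-pass")}
KEY_LINKS = {"ccccccbdefgh": ["admin", "reseller1"],
             "ccccccijklnr": ["customer1"]}

def public_id(otp):
    """Return the key's public ID: everything before the trailing token."""
    if not MODHEX_OTP.match(otp):
        raise ValueError("not a well-formed Yubico OTP")
    return otp[:-32]

def resolve_identity(otp, username=None, password=None):
    """1FA lookup; assumes the OTP itself has already been validated."""
    candidates = KEY_LINKS.get(public_id(otp), [])
    if not candidates:
        return ("reject", None)
    if len(candidates) == 1:
        return ("ok", candidates[0])       # public ID alone names the identity
    if username is None or password is None:
        return ("need_credentials", None)  # ambiguous: key shared by accounts
    # Credentials disambiguate, but only among accounts linked to this key.
    if username in candidates and hmac.compare_digest(
            ACCOUNTS[username], pw_hash(password)):
        return ("ok", username)
    return ("reject", None)
```

Restricting the credential check to the accounts linked to the presented key keeps a shared key from acting as a second factor for accounts it was never associated with.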

  • Implemented in YubiKeyAuth v1.1.0 RELEASED


    Thread closed.
