On 08 Jun 2021, Sean Dennis said the following...
 
 SD> I have thought about using a Yubikey for limiting root access to my BBS
 SD> server.  Are any of you using a Yubikey or something similar?  I know
 SD> that Slackware supports the use of a Yubikey via third-party software.

 SD> If you're using one, what do you think about it?

I have a few Yubikeys.  All USB A and two that support NFC.

I don't use any of them.  I love the idea, and for about a month I had them
setup on every account that supports them.  GMail, Facebook, my domain
registrar and DNS provider & even a wordpress site that I used to run.

Some services let you check a box to "don't ask me again on this device"
while others may have "don't ask me again for 30 days" which I quite like.

If I've logged in from that device, chances are it's safe.

I guess the problem is, I kept the yubikey on my keychain.  So it's 8pm on
some random Wednesday and you want to log into your webmail & then you're
greeted with "press the button on your yubikey to continue".  Now you have to
get off the couch, go to the front door & grab your keys, walk back to your
laptop, insert the yubikey & press the button, then walk back to the front
door to put your keys back so that you're not looking for them in a panic the
next morning.

All-in-all, a very 1st-world problem that after awhile just made it not worth
it for me.  I use Google Authenticator for everything that supports it, that
way I can just grab my phone which is usually with me to enter the codes, or
even use a desktop client that also supports TOTP codes if you don't want to
use your phone.

I've used tutorials for Debian/Ubuntu for adding Google Auth support to SSH,
Slackware may support it as well:

https://ubuntu.com/tutorials/configure-ssh-2f...

Maybe if you usually log into your server from the same computer and had the
Yubikey handy at that computer the experience may be better.


Jay

--- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
 * Origin: Northern Realms (618:500/23)