Hardware based two factor authentication

Geo Kozey geokozey at mailfence.com
Mon Nov 13 13:17:50 CET 2017


November 13, 2017 12:18:28 AM CET Stephen Major <smajor at gmail.com> wrote:
>This is a two-fold question:
>
>1) Can Wireguard be used directly with Yubikeys: https://www.yubico.com
>
>2) Can Wireguard be used with a radius server like GreenRADIUS:http://www.greenrocketsecurity.com/greenradius/
 
In case of [1] you can store wireguard keys in pass (https://www.passwordstore.org) database which is encrypted using yubikey smartcard  mode. See example setup https://www.palkeo.com/sys/perfect-password-manager.html

Then you can add below command to your wg config, see https://git.zx2c4.com/WireGuard/about/src/tools/wg-quick.8:

PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)


Yours sincerely

G. K.


More information about the WireGuard mailing list