Hardware based two factor authentication
Geo Kozey
geokozey at mailfence.com
Mon Nov 13 13:17:50 CET 2017
November 13, 2017 12:18:28 AM CET Stephen Major <smajor at gmail.com> wrote:
>This is a two-fold question:
>
>1) Can Wireguard be used directly with Yubikeys: https://www.yubico.com
>
>2) Can Wireguard be used with a radius server like GreenRADIUS:http://www.greenrocketsecurity.com/greenradius/
In case of [1] you can store wireguard keys in pass (https://www.passwordstore.org) database which is encrypted using yubikey smartcard mode. See example setup https://www.palkeo.com/sys/perfect-password-manager.html
Then you can add below command to your wg config, see https://git.zx2c4.com/WireGuard/about/src/tools/wg-quick.8:
PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)
Yours sincerely
G. K.
More information about the WireGuard
mailing list