How To Install yubikey-ksm on Debian 9

Introduction

In this tutorial we learn how to install yubikey-ksm on Debian 9.

What is yubikey-ksm

yubikey-ksm is:

YubiKeys are USB tokens that act like keyboards and generate one-time passwords. This package contains a server written in PHP for use with Apache that decrypt YubiKey One-Time Passwords (OTPs), normally only used by YubiKey OTP validation servers. The architecture is that a set of validation servers manage the token counters and respond to OTP requests from clients, and utilize a set of back-end YubiKey Key Storage Module (KSM) servers to perform the actual AES key decryption. The protocols are openly published. This implementation store the AES keys in a database unencrypted, which can be protected using file-system encryption mechanisms Another KSM implementation is available in the yhsm-yubikey-ksm package that use the YubiHSM hardware to protect the decryption process. Sometimes the KSM runs on another server than the validation server, but it is possible to run both on the same machine. After installing and configuring this package you will have a YubiKey KSM server up and running via Apache.

There are three methods to install yubikey-ksm on Debian 9. We can use apt-get, apt and aptitude. In the following sections we will describe each method. You can choose one of them.

Install yubikey-ksm Using apt-get

Update apt database with apt-get using the following command.

sudo apt-get update

After updating apt database, We can install yubikey-ksm using apt-get by running the following command:

sudo apt-get -y install yubikey-ksm

Install yubikey-ksm Using apt

Update apt database with apt using the following command.

sudo apt update

After updating apt database, We can install yubikey-ksm using apt by running the following command:

sudo apt -y install yubikey-ksm

Install yubikey-ksm Using aptitude

If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Debian. Update apt database with aptitude using the following command.

sudo aptitude update

After updating apt database, We can install yubikey-ksm using aptitude by running the following command:

sudo aptitude -y install yubikey-ksm

How To Uninstall yubikey-ksm on Debian 9

To uninstall only the yubikey-ksm package we can use the following command:

sudo apt-get remove yubikey-ksm

Uninstall yubikey-ksm And Its Dependencies

To uninstall yubikey-ksm and its dependencies that are no longer needed by Debian 9, we can use the command below:

sudo apt-get -y autoremove yubikey-ksm

Remove yubikey-ksm Configurations and Data

To remove yubikey-ksm configuration and data from Debian 9 we can use the following command:

sudo apt-get -y purge yubikey-ksm

Remove yubikey-ksm configuration, data, and all of its dependencies

We can use the following command to remove yubikey-ksm configurations, data and all of its dependencies, we can use the following command:

sudo apt-get -y autoremove --purge yubikey-ksm

Dependencies

yubikey-ksm have the following dependencies:

• debconf
• apache2
• php
• php-mcrypt
• mysql-server
• php-mysql
• dbconfig-common
• libdbi-perl

References

• yubikey-ksm website

Summary

In this tutorial we learn how to install yubikey-ksm package on Debian 9 using different package management tools: apt, apt-get and aptitude.