Bobcares

YubiKey Authentication Fails When Trying to Log In | Resolved

by | Mar 23, 2022

YubiKey Authentication Fails when trying to log in and not sure what to do? Read on to find out what our experts suggest. 

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Services.

Let’s take a look at how our Support Team is ready to help customers if YubiKey authentication fails when trying to log in.

Why does YubiKey Authentication Fail when Trying to Log In

Recently, some of our customers have been running into trouble when they attempt to log into OnApp through an admin account via Yubikey. They came across the following error message:

"Service is temporarily unavailable and Invalid Yubikey."   

YubiKey Authentication Fail when Trying to Log In

This error is due to an expired certificate in the Yubikey gem. Fortunately, our Support Techs have come up with a solution to the problem. However, the solution depends on the version of OnApp we are running.

How to resolve: YubiKey Authentication Fails When Trying to Log In

For OnApp version 6.2, including 6.2 Patch 1:

  1. First, we have to download the chain.pem file to the Control Panel.
  2. Next, modify the owner of the .pem file with this command:
    # chown root:root #pem_file_location#
  3. Then, we have to find and take a backup of the current .pem file.
  4. After that, we will put a new chain.pem file into place with this command:
    # cp -av #pem_file_location# /usr/lib64/ruby/gems/2.5.0/gems/onapp-core-6.2.3/config/yubikey_cert_chain.pem
  5. Finally, we can restart the OnApp CP service: onapp, httpd.

For OnApp version 6.1

  1. First, run the command below:
    # yum update rubygem-onapp-core
  2. Then, restart the OnApp CP service: onapp, httpd.

For versions between OnApp 5.5 and OnApp 6.1

  1. First, run the command below:
    # yum update rubygem-yubikey
  2. Then, restart the OnApp CP service: onapp, httpd.

For versions between OnApp 5.0 and OnApp 5.5

  1. First, we have to download the chain.pem file to the Control Panel.
  2. Next, modify the owner of the .pem file with this command:
    # chown root:root #pem_file_location#
  3. Then, we have to find and take a backup of the current .pem file:
    # find /usr/lib*/ruby -name \*chain.pem
    /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem
    # cp -av /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem.bak
  4. After that, we will put a new chain.pem file into place:
    # cp -av #pem_file_location# /usr/lib64/ruby/gems/2.1.0/gems/yubikey-1.4.1/lib/cert/chain.pem
  5. Finally, we can restart the OnApp CP service: onapp, httpd.

[Looking for a solution to another query? We are just a click away.]

Conclusion

To conclude, our skilled Support Engineers at Bobcares demonstrated what to do when YubiKey authentication fails when trying to log in.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.