Yubikey as 2FA option for Manager?
Are there any plans to support Yubikeys as a second login factor for the Manager interface, whether via FIDO/U2F or Yubikey-generated OTPs?
Adding options for 2FA like Yubikey or FIDO/U2F is definitely on our radar. While I can't give an estimate yet, I'll make sure to add your request to our internal issue tracker to make the desire for this feature known. If there's anything else we can do for you, please don't hesitate to let us know.
Bump! I asked a question earlier about webauthn, which I believe would be an easy way to support the use of FIDO or FIDO2 devices like Yubikeys. My registrar now supports FIDO, and so does Google; my Linode interface is starting to "stick out" as the single most vulnerable element of my domain setup. I can enable one of your other 2FA options, but I'm very uncomfortable with the "must trust my phone" element of the existing options; to be frank, I don't really think of my phone as being a trusted computing environment.
Please consider supporting FIDO or FIDO 2, and maybe do it using webauthn!
Thanks for all of your great work.
Bump, U2F would be great.
I'm currently using Yubikey's 2FA functionality, but this requires a sudo yubioath -s2 6 + copy-paste every time and doesn't benefit from the security of the hardware button press.
+1, yes. Please support 2FA using U2F! Not all of us have a smartphone with us all the time.
I would also like to have U2F for logging into Linode. Smart phones are less and less trustworthy. It would be great to be able to use my Yubikey or a Google Titan key without having to use an authenticator app as well.
This is another bump for U2F for 2FA. I'm a big fan of Yubikey and use them whenever possible. Having it to protect Manager would be amazing.
Bump! It's been more than a year since I posted on this thread, so I'm giving myself permission to do it again. Please please please? Security is sliding right down the hole, these days. I want to get something solid set up before the US tries to get back doors on everything (cf. recent eff.org postings…).
Thanks for all the bumps on this post. It's still on our radar, but I have passed along all of your requests to the team.
Keep an eye on our blog, as that's where we'd announce the addition of a feature like this.
+1 for U2F 2FA! Maybe Solokeys as well as yubikey (who seem to be proprietary/closed-source)?
Bump! New news on this front from Ars Technica, in an article entitled "Apple has finally embraced key-based 2FA. So should you." (https://arstechnica.com/information-technology/2020/07/apple-has-finally-embraced-key-based-2fa-so-should-you/). I imagine that the "you" referred to in the article is users, but it applies equally well to companies such as Linode.
A number of years ago, I did a brief security audit, and discovered that my Linode login was my number one most compromisable point of entry. An attacker that gains control of my Linode login can easily get root permission on all of my servers, and install whatever evil software they want.
What about 2FA such as Authy? Honestly, the additional security provided by these authenticators is utterly compromised by the existence of combined tools such as 1Password. Since 1Password can act as an authenticator, suddenly my 1Password password becomes again a "golden key" that can bypass 2FA. You may choose to blame my foolish decision to entrust my authenticator credentials to 1Password, but I guarantee you that professionals all over the world will do the same thing, until they are forced not to by mechanisms based on true hardware authentication.
Put simply, without the best possible protection, Linode is simply asking to be the next headline: Promising Startup Destroyed by Lax Security. Hardware authentication is absolutely necessary for any person or business that wants to securely protect their infrastructure. Without hardware authentication, Linode is just playing in the minor leagues.
Thanks for bringing this up again and for linking to that article. As Rob mentioned back a couple of months ago, we have been looking into this. I've added the recent requests to our internal feature tracker.
I also appreciate you outlining some of the caveats that make you not want to use currently available options. That said, I would recommend being very cautious about outlining any personal security practices on a public forum.
+1 Here for the yubikey support. Conscious this request has gone through, just want to make sure Linode is aware this is still a desired feature :) (also any updates on the progress would be very welcome)
Re-bump, is this request any closer to being picked up? I understand implementing it is probably non-trivial; however, I believe it is an important feature for the future of Linode.
I've recently been rolling out mandatory U2F or SSH+yubico-OTP throughout our organisation for critical services and infrastructure. The Linode Manager is one of the most sensitive pieces and yet the only part still stuck on software based 2FA which makes me nervous when I need to give others remote access.
This is not a complaint, I love your service, I'm just trying to stress how important this feature is for many of us.
I would ALSO really like U2F. It's much better than having to shuffle around a bunch of separate authenticators.
I hate to say it, but as much as I love Linode, I'm starting to think about migrating to another service. I have absolutely zero other complaints, but @ls-tombrierley hits the nail on the head: this is becoming a glaring security hole. Please please please move Linode into the modern age.
Thank you so much for all of the work you do!
I'm getting very frustrated with the lack of action on this; this is a huge security problem. You just added a blog post called "Credible Alternative Cloud Provider Checklist: 6 Must-have Capabilities".
Strangely, this checklist doesn't seem to include "up-to-date security infrastructure". The failure to support hardware authentication is a real problem for Linode. It's been years that you've had to fix this problem. I'm very tired of apologizing for Linode in this regard.
Just another bump. As folks have mentioned, we run some pretty important stuff on our Linode servers. 2FA via U2F or FIDO2/webauthn would give a lot of us peace of mind. We're in the process of supporting it in our own software. ;)
And another bump. This would be extremely convenient. I'd also like two things along with it:
- The ability to register more than one device on one account. This way I can have a backup key, or different format keys (e.g., USB-A and USB-C).
- The ability to use a key for more than one account. This can be useful in some scenarios. For instance at AWS, my company can give me a user inside the organization, and then I can use my own personal Yubikey on it without it conflicting with my personal AWS account.
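As an added illustration of the two properties requested above (this is not code from the thread or from Linode), a small Python model of the relying-party side of WebAuthn: each account holds several credentials, so a backup key can be registered, and a credential is scoped to the RP ID, so one authenticator registered at two sites yields two unrelated credentials. The authenticator class is a constructed stand-in that uses HMAC where a real FIDO2 device would hold a per-credential asymmetric key pair.

```python
import hashlib, hmac, secrets

# Constructed stand-in for a roaming authenticator. A real FIDO2 key creates an
# asymmetric key pair per relying party; HMAC over a device secret is used here
# only so the example runs with the standard library.
class Authenticator:
    def __init__(self):
        self.secret, self.counter = secrets.token_bytes(32), 0

    def make_credential(self, rp_id):
        # The credential is scoped to the RP ID: the same device yields a
        # different credential for each site, so one key can serve many accounts.
        cred_id = hmac.new(self.secret, b"cred|" + rp_id.encode(), hashlib.sha256).digest()[:16]
        return cred_id, self._key(cred_id)

    def _key(self, cred_id):
        return hmac.new(self.secret, b"key|" + cred_id, hashlib.sha256).digest()

    def get_assertion(self, rp_id, cred_id, client_data_hash):
        self.counter += 1  # flag byte 0x01 = user presence (the button press)
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + self.counter.to_bytes(4, "big")
        sig = hmac.new(self._key(cred_id), auth_data + client_data_hash, hashlib.sha256).digest()
        return auth_data, sig

class RelyingParty:
    def __init__(self, rp_id):
        self.rp_id = rp_id
        self.users = {}  # username -> {cred_id: [key, last_counter]}: several keys per account

    def register(self, username, cred_id, key):
        creds = self.users.setdefault(username, {})
        if cred_id in creds:
            raise ValueError("credential already registered")
        creds[cred_id] = [key, 0]

    def verify(self, username, cred_id, auth_data, client_data_hash, sig):
        cred = self.users.get(username, {}).get(cred_id)
        if cred is None:
            return False  # this key is not registered for this account
        if auth_data[:32] != hashlib.sha256(self.rp_id.encode()).digest():
            return False  # assertion was produced for another RP ID
        if not auth_data[32] & 0x01:
            return False  # user presence flag not set
        counter = int.from_bytes(auth_data[33:37], "big")
        if counter <= cred[1]:
            return False  # replayed assertion or cloned authenticator
        expected = hmac.new(cred[0], auth_data + client_data_hash, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False
        cred[1] = counter
        return True
```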
+1 for U2F with yubikey - two and a half years have passed and still no progress with this whatsoever. Competitors have it (I could name them), but when will it be finally integrated with Linode? It's not that hard to integrate and could have been done a long time ago!
@mtrojnar We don't have an update at this time for the addition of this feature. We'll be sure to post an update when we have one to share.
Is there a particular reason U2F/FIDO is not implemented? It's really not that complicated to implement.
I would like to express my interest as well.
I understand properly implementing this is difficult, but I feel like this is a very important feature.
My servers hold some of the most sensitive data I have. It feels strange having hardware keys required to log in to the server, but being able to gain root access to the server from the cloud Manager without them.
+1 on multiple Yubikey support from me. U2F preferably; requiring FIDO2 specifically would be an inconvenience to the large, established user base.