Programming YubiKeys with the GRS Programming/Auto-Import Tool

Green Rocket Security provides a Windows-based YubiKey programming tool, which programs YubiKeys and also automatically uploads the newly-generated YubiKey secrets to GreenRADIUS in a single-step process. These are the steps to install and use the programming tool.

  1. Contact Green Rocket Security to receive a copy of the programming tool installation EXE.
  2. Run the installer as administrator. The programming tool will be installed to the AppData directory for your user. A shortcut will also appear in the Start Menu.
  3. Enable the programming API on GreenRADIUS, if you have not done so already. To do this, log into GreenRADIUS, either in the console or via SSH, and run the command sudo docker exec -it GRVA-MAIN changepassword grsapiusr. This will prompt you for a new password for the grsapiusr API user.
  4. Insert your YubiKey in a USB port.
  5. Launch the programming tool as an administrator. To do this, find its entry in the Start Menu, right-click it, and select "Run as Administrator" from the list of options that appears.
  6. You will need to enter the hostname or IP address of GreenRADIUS as well as the username (grsapiusr) and password. The password is the one configured in Step 3. Entering the connection information
  7. The tool will now automatically program your YubiKey with a random secret and upload the data to GreenRADIUS. You will be able to see the new token appear in the "List Tokens" screen of the web admin interface.
  8. You can program as many keys as your wish successively, or exit the tool once you are finished. The data for each key is imported to GreenRADIUS as it is generated, so no final "save" step is necessary.

Configure GreenRADIUS to Validate YubiKeys Locally

To use the tokens, you will need to set your GreenRADIUS to use local validation, since the secrets are stored locally rather than in the YubiCloud. To do this:

  1. In the GreenRADIUS web admin interface, click the Global Configuration tab.
  2. Select "Validation Server".
  3. Set the server to "Local validation server on GreenRADIUS Virtual Appliance" and click "Save" to commit your changes.

Configuring the validation server

Once this is done, you will be able to use your YubiKeys with GreenRADIUS validating OTPs locally.

Web Analytics Made Easy -
StatCounter

Updated 2021-06-03
© 2024 Green Rocket Security Inc. All rights reserved.