Green Rocket Security provides a Windows-based YubiKey programming tool, which programs YubiKeys and also automatically uploads the newly-generated YubiKey secrets to GreenRADIUS in a single-step process. These are the steps to install and use the programming tool.
- Contact Green Rocket Security to receive a copy of the programming tool installation EXE.
- Run the installer as administrator. The programming tool will be installed to the AppData directory for your user. A shortcut will also appear in the Start Menu.
- Enable the programming API on GreenRADIUS, if you have not done so
already. To do this, log into GreenRADIUS, either in the console or
via SSH, and run the command
sudo docker exec -it GRVA-MAIN changepassword grsapiusr. This will prompt you for a new password for the
- Insert your YubiKey in a USB port.
- Launch the programming tool as an administrator. To do this, find its entry in the Start Menu, right-click it, and select "Run as Administrator" from the list of options that appears.
- You will need to enter the hostname or IP address of GreenRADIUS as well as the username (
grsapiusr) and password. The password is the one configured in Step 3.
- The tool will now automatically program your YubiKey with a random secret and upload the data to GreenRADIUS. You will be able to see the new token appear in the "List Tokens" screen of the web admin interface.
- You can program as many keys as your wish successively, or exit the tool once you are finished. The data for each key is imported to GreenRADIUS as it is generated, so no final "save" step is necessary.
To use the tokens, you will need to set your GreenRADIUS to use local validation, since the secrets are stored locally rather than in the YubiCloud. To do this:
- In the GreenRADIUS web admin interface, click the Global Configuration tab.
- Select "Validation Server".
- Set the server to "Local validation server on GreenRADIUS Virtual Appliance" and click "Save" to commit your changes.
Once this is done, you will be able to use your YubiKeys with GreenRADIUS validating OTPs locally.
© 2021 Green Rocket Security Inc. All rights reserved.