I got myself a Yubikey recently, and I wanted to use it as a nice convenience to: Grant me sudo privileges Unlock my session Decrypt my LUKS-encrypted disk I've only managed to do the first two, since they both rely on Linux Pluggable Authentication Modules (PAM). Luckily for me, one of PAM's modules supports U2F, the standard Yubikeys rely on. First I need to install pam-u2f to add U2F support to PAM, and pamu2fcfg to configure my key. $ sudo rpm-ostree install pam-u2f pamu2fcfg Since I'm running an immutable OS I need to reboot, and then I can create the correct directory and file to dump an U2F key into it. $ mkdir -p ~/.config/Yubico $ pamu2fcfg > ~/.config/Yubico/u2f_keys Then I make sure to have a root session open in case I lock myself out of sudoers. $ sudo su # In a different terminal, I can edit the sudoers file to add this line #%PAM-1.0 auth sufficient pam_u2f.so cue openasuser auth include system-auth account include system-auth password include system-auth session…
No comments yet. Log in to reply on the Fediverse. Comments will appear here.