sudo apt-get install libpam-u2f
You'll need to set up your YubiKey with the YubiKey Manager prior to doing this tutorial.
- Plug in the YubiKey and type:
- ignore if the folder already exists
pamu2fcfg > ~/.config/Yubico/u2f_keys
to add your YubiKey to the list of accepted YubiKeys
- enter your PIN if one is set for the key, then touch the key when the key's light blinks.
(optional) Register additional keys with the command:
pamu2fcfg -n >> ~/.config/Yubico/u2f_keys
sudo nano /etc/pam.d/sudo (or sudo nvim /etc/pam.d/sudo to use neovim as the text editor) to edit the PAM config for sign-on
auth sufficient pam_u2f.so before
- instead of the final step, adjust the file
@include common-auth
auth required pam_u2f.so
Save the file and DO NOT CLOSE THE FILE - CONFIRM that the deployment was successful (see below)
You can test the deployment is successful by opening a new terminal tab or window then running
sudo echo SUCCESS
- If you enabled sign-in with YubiKey only, then you will see your YubiKey flashing for touch input.
- If you enabled 2FA with your key, then you will be prompted to enter your password, then the YubiKey will flash for touch input.
Once the behaviour works as expected, you may close the terminal windows.
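A pre-flight check for the two PAM layouts above, to run while the editor is still open. This is an added example, not part of the original tutorial: the function names are hypothetical, the sample files are constructed, and it assumes the truncated "before" in the sufficient step refers to the @include common-auth line.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Report how pam_u2f.so is wired into PAM file $1.
pam_u2f_mode() {
    awk '
        /^[ \t]*#/ { next }   # ignore commented-out lines
        $1 == "@include" && $2 == "common-auth" && !inc { inc = NR }
        $1 == "auth" && $3 ~ /(^|\/)pam_u2f\.so$/ && !u2f { u2f = NR; ctl = $2 }
        END {
            if (!u2f) print "absent"
            else if (ctl == "sufficient" && inc && u2f < inc) print "sufficient-before-common-auth"
            else if (ctl == "required" && inc && u2f > inc) print "required-after-common-auth"
            else print ctl "-unexpected-position"
        }' "$1"
}

# Count keys registered for user $2 in u2f_keys file $1.
# Line format: user:handle,pubkey,type,options[:handle,pubkey,type,options...]
u2f_key_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk -F: -v user="$2" '
        $1 == user { for (i = 2; i <= NF; i++) if ($i != "") n++ }
        END { print n + 0 }' "$1"
}

# Succeed only if PAM file $1 matches one of the two layouts
# and user $3 has at least one key in u2f_keys file $2.
u2f_sudo_ready() {
    mode=$(pam_u2f_mode "$1")
    keys=$(u2f_key_count "$2" "$3")
    echo "mode=$mode keys=$keys"
    case $mode in
        sufficient-before-common-auth|required-after-common-auth) [ "$keys" -ge 1 ] ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (placeholder values, not real key material).
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
printf '#%%PAM-1.0\nauth sufficient pam_u2f.so\n@include common-auth\n' > "$demo_dir/sudo_key"
printf '@include common-auth\nauth required pam_u2f.so\n' > "$demo_dir/sudo_2fa"
printf '@include common-auth\n# auth required pam_u2f.so\n' > "$demo_dir/sudo_off"
printf 'alice:HANDLE1,PUBKEY1,es256,+presence:HANDLE2,PUBKEY2,es256,+presence' > "$demo_dir/u2f_keys"
for f in sudo_key sudo_2fa sudo_off; do
    printf '%s: ' "$f"
    u2f_sudo_ready "$demo_dir/$f" "$demo_dir/u2f_keys" alice || echo "  -> not ready"
done
# Real use: u2f_sudo_ready /etc/pam.d/sudo ~/.config/Yubico/u2f_keys "$USER"
```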