How I use YubiKey (Updating)

Thanks to Cloudflare, I got my YubiKey for a really good price. Still trying to setup and use it, starting this post to logging my use cases.

ref: https://github.com/Yubico/pam-u2f

There are official guides on yubico website for how to use yubikey to setup login on windows and macOS, but not for linux.

Got those steps after some search and reading the project readme.

1. install pam-u2f with package manager
2. generate key handles and public keys

pamu2fcfg -uusername -P -N | sudo tee -a /etc/u2f_mappings

1. edit pam config to use it, adjust the options for your need, my key plugged in the back of my desktop, so I don’t want to touch it every time I tries to sudo.

:/etc/pam.d/system-auth

auth    sufficient      pam_u2f.so  authfile=/etc/u2f_mappings pinverification=1 userpresence=0

On my gentoo system, both /etc/pam.d/sudo and /etc/pam.d/login includes /etc/pam.d/system-auth, so I just need to change this.

1. test with sudo and switch to another tty for login, success! I can finally change my login password to a auto generated string.