pavinjosdev/yubikey_auth_lmde.md

Last active February 9, 2024 16:21

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/pavinjosdev/0d7ade586e4b4a33d03a19c7684e78ce.js"></script>
Save pavinjosdev/0d7ade586e4b4a33d03a19c7684e78ce to your computer and use it in GitHub Desktop.

Download ZIP

Setup Yubikey passwordless authentication on LMDE 5 (Linux Mint Debian Edition)

Raw

yubikey_auth_lmde.md

Install packages

apt install yubikey-manager libpam-u2f

Insert Yubikey and test

ykman info
ykman fido info

Configure FIDO2/U2F key for your account

sudo mkdir -p /etc/Yubico
pamu2fcfg -N | sudo tee -a /etc/Yubico/u2f_keys

See man pamu2fcfg for more details.

Configure FIDO2/U2F key for passwordless authentication

This would enable passwordless authentication using FIDO2 PIN and confirms user's presence.

Perform this only as root, otherwise you may be locked out.

Edit file /etc/pam.d/common-auth with the following line having precedence over the default pam_unix.so line:

auth    sufficient                      pam_u2f.so authfile=/etc/Yubico/u2f_keys cue

Verify configuration

Open new terminal and test using sudo <cmd>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment