Passwordless auth with Yubico 5 NFC on Ubuntu
Resources
Using U2F for passwordless sudo
Prerequisites
sudo apt-ge...
For further actions, you may consider blocking this person and/or reporting abuse
Thanks for this, A great walkthough.
For those like me who forget that the Yubikey is set up for this kind of thing you can add a cue to
/etc/pam.d/sudoto give you a message, instead of just the paused prompt.auth sufficient pam_u2f.so cue [cue_prompt="Tap the Yubikey to Sudo"]Developer Reference has some other good options to add if you need them too
Ah I never thought of this. Thank you for sharing!!
Thank you for this post. I've implemented it and feel more secure ;)
However, there is one gap, namely how to do the same for
su. I tried the same process for su but got this message:su: Authentication service cannot retrieve authentication info. Any ideas?2FA sudo command, so cool
this is awesome, thanks
I'm so glad it's helpful for you!
This is great.
Also, it works pretty similar for polkit, just that it's
/etc/pam.d/polkit-1.Nice tutorial, I was doing it as 2FA but I would love to switch to passwordless if we could require the PIN of the yubikey before touching.
Also, can I do it on a remote server connected in ssh or it's only for key connected on the local machine?
I came here wondering the same thing. Found a solution, sharing it here for reference even though it's a year later 😄.
I found out pam_u2f.so has a
pinverification=intoption for this.Replacing
auth sufficient pam_u2f.sowithauth sufficient pam_u2f.so pinverification=1in /etc/pam.d/sudo seems to do the trick!Will this work over SSH?
sadly, no. But pam_yubico.so should work.