Passwordless auth with Yubico 5 NFC on Ubuntu
Resources
Using U2F for passwordless sudo
Prerequisites
sudo apt-ge...
For further actions, you may consider blocking this person and/or reporting abuse
Thanks for this, A great walkthough.
For those like me who forget that the Yubikey is set up for this kind of thing you can add a cue to
/etc/pam.d/sudoto give you a message, instead of just the paused prompt.auth sufficient pam_u2f.so cue [cue_prompt="Tap the Yubikey to Sudo"]Developer Reference has some other good options to add if you need them too
Ah I never thought of this. Thank you for sharing!!
Thank you for this post. I've implemented it and feel more secure ;)
However, there is one gap, namely how to do the same for
su. I tried the same process for su but got this message:su: Authentication service cannot retrieve authentication info. Any ideas?This is great.
Also, it works pretty similar for polkit, just that it's
/etc/pam.d/polkit-1.this is awesome, thanks
I'm so glad it's helpful for you!
2FA sudo command, so cool
Nice tutorial, I was doing it as 2FA but I would love to switch to passwordless if we could require the PIN of the yubikey before touching.
Also, can I do it on a remote server connected in ssh or it's only for key connected on the local machine?
I came here wondering the same thing. Found a solution, sharing it here for reference even though it's a year later 😄.
I found out pam_u2f.so has a
pinverification=intoption for this.Replacing
auth sufficient pam_u2f.sowithauth sufficient pam_u2f.so pinverification=1in /etc/pam.d/sudo seems to do the trick!Will this work over SSH?
sadly, no. But pam_yubico.so should work.