sudo with u2f

sudo with u2f


Generate u2f config

pamu2fcfg -u $(whoami) -opam://$HOSTNAME -ipam://$HOSTNAME > ~/u2f_keys
echo "" >> ~/u2f_keys
pamu2fcfg -u root -opam://$HOSTNAME -ipam://$HOSTNAME >> ~/u2f_keys
sudo mkdir -p /etc/Yubico
sudo mv ~/u2f_keys /etc/Yubico/u2f_keys

Add this line to the beginning /etc/pam.d/common-auth file (replase $HOSTNAME to you real hostname):

auth    sufficient      pam_u2f.so origin=pam://$HOSTNAME appid=pam://$HOSTNAME authfile=/etc/Yubico/u2f_keys cue [cue_prompt=🔐 Waiting for U2F key...]

Содержание