passwordless sudo u2f

sudo without a password

passwordless sudo u2f

sudo without a password

who cares about the 2nd factor? just the hardware key needed!

steps

install pam-u2f

1pacman -S pam-u2f

add keys

replace ~/.config with $XDG_CONFIG_HOME

origin and id is set to enforce a stable name

1# first key
2pamu2fcfg -i pam://hostname -o pam://hostname > ~/.config/Yubico/u2f_keys
3# other keys
4pamu2fcfg -n -i pam://hostname -o pam://hostname > ~/.config/Yubico/u2f_keys

~/.config/Yubico/u2f_keys

1username:xxxxxx..key1..xxxxxx:xxxxxx..key2..xxxxxx

add authentication method to pam

/etc/pam.d/sudo

• authfile: set alternative location for config file
• cue: prompt to touch device (so you don't wonder why it's stuck doing nothing)

1auth    sufficient    pam_u2f.so cue origin=pam://hostname appid=pam://hostname
2...