
12020-04-17

SEAN K.H. LIAO

who cares about the 2nd factor? just the hardware key needed!

steps

install pam-u2f

pacman -S pam-u2f

add keys

if $XDG_CONFIG_HOME is set, use it in place of ~/.config

origin (-o) and appid (-i) are set explicitly to enforce a stable name

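# make sure the directory exists
mkdir -p ~/.config/Yubico
# first key: creates the file, writes "username:key"
pamu2fcfg -i pam://hostname -o pam://hostname > ~/.config/Yubico/u2f_keys
# other keys: -n omits the username, so append (>>) to the same line instead of overwriting
pamu2fcfg -n -i pam://hostname -o pam://hostname >> ~/.config/Yubico/u2f_keys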

~/.config/Yubico/u2f_keys

username:xxxxxx..key1..xxxxxx:xxxxxx..key2..xxxxxx

add authentication method to pam

/etc/pam.d/sudo

auth    sufficient    pam_u2f.so cue origin=pam://hostname appid=pam://hostname
...
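
A quick check of the key file after enrolling, as an added example that is not part of the original post: it counts keys per user, flags a line with no username (what is left behind if a `-n` key is written with `>` instead of `>>`), and flags a key file that group or others can write to, since that file decides which keys are accepted. The function name `audit_u2f_keys` and the `KH*`/`PK*` values are made up for illustration; the format assumed is the `username:key1:key2` layout shown above.

```shell
# Added example (not from the original post): lint a pam_u2f key mapping file.
# Assumed format, as shown above: username:key1:key2...
audit_u2f_keys() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    # The file decides which keys are accepted, so only the owner should write it.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "group- or world-writable: $file"
        rc=1
    fi
    awk -F: '
        NF == 0 { next }                      # skip blank lines
        $1 == "" {                            # left behind by "pamu2fcfg -n > file"
            printf "line %d: no username, -n output must be appended with >>\n", NR
            bad = 1; next
        }
        {
            n = 0
            for (i = 2; i <= NF; i++) if ($i != "") n++
            if (n == 0) { printf "line %d: user %s has no keys\n", NR, $1; bad = 1 }
            else printf "user %s: %d key(s)\n", $1, n
        }
        END { exit bad + 0 }
    ' "$file" || rc=1
    return "$rc"
}

# Constructed sample data; KH*/PK* stand in for real key handles and public keys.
demo=$(mktemp)
printf 'alice:KH1,PK1:KH2,PK2\n:KH3,PK3\n' > "$demo"
audit_u2f_keys "$demo" || echo "findings reported above"
rm -f "$demo"
```

Run it against the real file with `audit_u2f_keys ~/.config/Yubico/u2f_keys`; a non-zero exit status means at least one finding was printed.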