confs/yubikey.txt · Last modified: 2024/10/14 20:59 by 127.0.0.1

====== Yubikey ======

===== Auth 2FA Linux =====

Install the PAM U2F module:

<code>
$ sudo pacman -S pam-u2f
</code>

At this point, you can check whether your system recognizes the YubiKey:

<code>
$ dmesg
</code>

Generate the U2F config with pamu2fcfg:

<code>
$ mkdir -p ~/.config/Yubico
$ pamu2fcfg > ~/.config/Yubico/u2f_keys
$ chmod 440 ~/.config/Yubico/u2f_keys
</code>

Add the following line to /etc/pam.d/system-auth. Its position relative to pam_unix determines whether you have to type the password or touch the YubiKey first.

<code>
auth required pam_u2f.so
</code>

If you want the session to lock when you remove the YubiKey, add this udev rule in /etc/udev/rules.d/45-yubikey.rules:

<code>
# get HID_ID with $ udevadm monitor --property
ACTION=="remove", ENV{HID_ID}=="0000:00000000:00000000", RUN+="/usr/bin/systemctl start --no-block i3lock.service"
</code>

Create the service unit (i3lock.service, the unit the udev rule starts):

<code>
[Unit]
Description=i3lock

[Service]
User=<username>
Type=forking
Environment=DISPLAY=:0
ExecStart=<command to lock>
</code>

Reload the systemd units and udev rules:

<code>
sudo udevadm control --reload-rules && sudo udevadm trigger
sudo systemctl daemon-reload
</code>
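The PAM ordering and the key mapping file from the steps above can be checked with a small script. This is an added example, not part of the original page; the function names, the status strings and the constructed sample stack are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the pam_u2f setup described on this page.

# Print where pam_u2f sits in the auth stack of PAM file $1, plus its control
# flag, e.g. "u2f-first required" (key is asked for before the password).
pam_u2f_order() {
    awk '
        /^[ \t]*#/ { next }                        # commented-out lines
        { type = $1; sub(/^-/, "", type) }         # "-auth" is still the auth stack
        type != "auth" { next }                    # ignore account/session/password
        /pam_u2f\.so/  && !u2f { u2f = NR; ctl = $2 }
        /pam_unix\.so/ && !pw  { pw = NR }
        END {
            if (!u2f)          { print "u2f-missing"; exit }
            if (!pw)           { print "u2f-only " ctl; exit }
            if (u2f < pw)      print "u2f-first " ctl
            else               print "unix-first " ctl
        }
    ' "$1"
}

# Check the key mapping file $1 written by pamu2fcfg for user $2: it must be
# readable, contain a "user:" entry, and not be writable by group or others
# (whoever can write it can enrol their own key for that user).
u2f_keys_ok() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    grep -q "^$2:" "$1" || { echo "no-entry"; return 1; }
    [ -z "$(find "$1" -perm -020 -o -perm -002)" ] \
        || { echo "writable-by-others"; return 1; }
    echo "ok"
}

# Constructed sample stack (not a real system-auth) to show the output.
sample=$(mktemp)
printf '%s\n' \
    '#%PAM-1.0' \
    'auth      required  pam_u2f.so' \
    'auth      required  pam_unix.so try_first_pass nullok' \
    'account   required  pam_unix.so' > "$sample"
pam_u2f_order "$sample"
rm -f "$sample"
```

Run the two functions against /etc/pam.d/system-auth and ~/.config/Yubico/u2f_keys from a session that stays logged in while the PAM file is being edited.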