====== Yubikey ======
===== Auth 2FA Linux =====
Install pam U2F module
<code>
$ sudo pacman -S pam-u2f
</code>
At this point, you can check whether your system recognizes the YubiKey:
<code>
$ dmesg 
</code>
Generate U2F config with pam2fcfg
<code>
$ pamu2fcfg > ~/.config/Yubico/u2f_keys
$ chmod 440 ~/.config/Yubico/u2f_keys
</code>
Add following line into /etc/pam.d/system-auth (the order between this and pam_unix will determine if you have to type password or touch yubikey first)
<code>
auth required pam_u2f.so
</code>
If you want to lock when you remove the yubikey, add the udev rules in /etc/udev/rules.d/45-yubikey.rules
<code>
# get HID_ID with $ udevadm monitor --property
ACTION=="remove", ENV{HID_ID}=="0000:00000000:00000000", RUN+="/usr/bin/systemctl start --no-block i3lock.service"
</code>
Create the service unit
<code>
[Unit]
Description=i3lock

[Service]
User=<username>
Type=forking
Environment=DISPLAY=:0
ExecStart=<command to lock>
</code>
Reload systemd units and udev rules
<code>
sudo udevadm control --reload-rules && sudo udevadm trigger
sudo systemctl daemon-reload
</code>