Yubikey: Difference between revisions

imported>Mic92
imported>Flyfloh
# <code>gpg --card-status</code> (optional, to see if key is visible)


== Yubikey for Login ==
Add the following to your <code>configuration.nix</code> to enable challenge-response based logins:
<syntaxHighlight lang=nix>
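security.pam.yubico = {
  enable = true;
  # Verbose module output, useful while setting this up
  debug = true;
  # Local HMAC challenge-response instead of online OTP validation
  mode = "challenge-response";
};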
</syntaxHighlight>
You need to program the Yubikey for challenge-response on slot 2 and set up the current user for logon:
# <code>nix-shell -p yubico-pam -p yubikey-personalization</code>
# <code>ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible</code>
# <code>ykpamcfg -2 -v</code>
You should now be able to use your Yubikey to log in and for sudo. You can also set <code>security.pam.yubico.control</code> to "required" in order to have multi-factor authentication.
See also https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html
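
The following Python sketch is an added example (not from this wiki page or from the pam_yubico source) that models the HMAC-SHA1 challenge-response login configured above: the key holds the secret, the host holds only a challenge and a salted hash of the expected response, and a verified challenge is replaced with a fresh one. The class names, the 63-byte challenge length and the PBKDF2 parameters are assumptions of this model.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 63      # assumption: models the "shorter than 64 bytes" input of -ohmac-lt64
PBKDF2_ROUNDS = 10_000  # assumption: illustrative work factor


class SimulatedToken:
    """Stand-in for slot 2: holds the HMAC-SHA1 secret and only answers challenges."""

    def __init__(self):
        self._secret = secrets.token_bytes(20)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()


class HostState:
    """Per-user state on the host: a challenge and a salted hash of the expected response."""

    def __init__(self, responder):
        self._enroll(responder)

    def _hash(self, response: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha1", response, self.salt, PBKDF2_ROUNDS)

    def _enroll(self, responder):
        self.challenge = secrets.token_bytes(CHALLENGE_LEN)
        self.salt = secrets.token_bytes(16)
        self.expected = self._hash(responder(self.challenge))

    def login(self, responder) -> bool:
        response = responder(self.challenge)
        if not hmac.compare_digest(self._hash(response), self.expected):
            return False          # state is left unchanged on failure
        self._enroll(responder)   # rotate: the verified challenge is never reused
        return True


def demo():
    token, seen = SimulatedToken(), []
    host = HostState(token.respond)

    def recording(challenge):     # genuine key, with its responses captured
        seen.append(token.respond(challenge))
        return seen[-1]

    first = host.login(recording)                 # genuine key
    replay = host.login(lambda _c: seen[0])       # captured response, new challenge
    second = host.login(token.respond)            # genuine key still works
    other = host.login(SimulatedToken().respond)  # key with a different secret
    return first, replay, second, other
```
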


== Links ==