Yubikey: Difference between revisions
imported>Itc-ger appended: multiple u2f-key support && added chapter: Test PAM configuration |
imported>Kallisti edited for safety concern |
||
| Line 62: | Line 62: | ||
Use this page to check whether your Yubikey supports '''Yubico OTP''' before starting: https://www.yubico.com/products/identifying-your-yubikey/ | Use this page to check whether your Yubikey supports '''Yubico OTP''' before starting: https://www.yubico.com/products/identifying-your-yubikey/ | ||
You can enable challenge-response logins with: | You can enable challenge-response logins with the following commands: | ||
<syntaxHighlight lang=nix> | '''1.)''' | ||
run: "nix-shell --command 'ykinfo -s' -p yubikey-personalization" | |||
to get the serial code and enter it into ''yubico.id = [ "12345678" ];'' | |||
'''WARNING, ignoring step 1 is considered insecure, any user could just plugin a yubikey and gain root access!''' | |||
'''2.)'''<syntaxHighlight lang=nix> | |||
security.pam.yubico = { | security.pam.yubico = { | ||
enable = true; | enable = true; | ||
debug = true; | debug = true; | ||
mode = "challenge-response"; | mode = "challenge-response"; | ||
yubico.id = [ "12345678" ]; | |||
}; | }; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
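Review bot: The added line `yubico.id = [ "12345678" ];` sits inside `security.pam.yubico = { ... }`, so it resolves to `security.pam.yubico.yubico.id`, while step 1 tells the reader to enter the serial into ''yubico.id''. If the intended option is `security.pam.yubico.id`, the line inside the block should read `id = [ "12345678" ];`; as written, the serial restriction that the new warning depends on may not be applied, or the configuration may fail to evaluate. Smaller points in the same hunk: step 1 gives the command inside double quotes in running text, which invites copying the outer quotes, so it would be clearer in its own code block like step 2; `"12345678"` should be marked as a placeholder for the reader's own serial; `debug = true;` is carried over into a snippet now presented as the safe setup, so say that it is meant for testing; and the warning should read "plug in" rather than "plugin".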