Yubikey: Difference between revisions
imported>Anoadragon453 m Add link to helpful blog with info on setting up GPG keys on a Yubikey for SSH authentication |
imported>Itc-ger appended: multiple u2f-key support && added chapter: Test PAM configuration |
||
| Line 31: | Line 31: | ||
# <code>mkdir -p ~/.config/Yubico</code> | # <code>mkdir -p ~/.config/Yubico</code> | ||
# <code>pamu2fcfg > ~/.config/Yubico/u2f_keys</code> | # <code>pamu2fcfg > ~/.config/Yubico/u2f_keys</code> | ||
# add another yubikey (optional): <code>pamu2fcfg -n >> ~/.config/Yubico/u2f_keys</code> | |||
3. Verify that `~/.config/Yubico/u2f_keys` contains one line in the following style: | 3. Verify that `~/.config/Yubico/u2f_keys` contains one line in the following style: | ||
| Line 48: | Line 50: | ||
PAM U2F Docs: https://developers.yubico.com/pam-u2f/ | PAM U2F Docs: https://developers.yubico.com/pam-u2f/ | ||
5. Verify PAM configuration | |||
See chapter ''Test PAM configuration'' an the end of this page. | |||
=== yubico-pam === | === yubico-pam === | ||
| Line 109: | Line 116: | ||
# Plug in the new YubiKey | # Plug in the new YubiKey | ||
# <code>gpg --card-status</code> (optional, to see if key is visibile) | # <code>gpg --card-status</code> (optional, to see if key is visibile) | ||
== Test PAM configuration == | |||
Test user and/or sudo authentication. | |||
Replace <code><username></code> by your users account name. | |||
# <code>nix-shell -p pamtester</code> | |||
# <code>pamtester login <username> authenticate</code> | |||
# <code>pamtester sudo <username> authenticate</code> | |||
If the result is <code>pamtester: successfully authenticated</code> then everything should work as expected. | |||
== Links == | == Links == | ||