forksand-it-manual/source/resources/apps/yubikey/README.md

sudo yubikey-personalization-gui
Use:
- HMAC-SHA1
- Configuration slot 1
- Require user input (button press, optional)
- Yubikey unprotected (keep it that way)
- Click <Generate>
Set it to use challenge response (no password):
sudo su -
#ykpersonalize -1 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
mkdir ~/.yubico
ykpamcfg -1 -v
mv .yubico/ /home/forksand/
chown -R forksand:forksand /home/forksand/.yubico/

# Install:
apt install libpam-yubico

vim /etc/pam.d/common-auth
# Set pam config to just have these lines:
auth    required        pam_yubico.so mode=challenge-response
auth    [success=1 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_cap.so
yubikey workstation setup 7 years ago			`sudo yubikey-personalization-gui`
			`Use:`
			`- HMAC-SHA1`
			`- Configuration slot 1`
yubikey setup 7 years ago			`- Require user input (button press, optional)`
yubikey workstation setup 7 years ago			`- Yubikey unprotected (keep it that way)`
			`- Click <Generate>`
			`Set it to use challenge response (no password):`
			`sudo su -`
			`#ykpersonalize -1 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible`
			`mkdir ~/.yubico`
			`ykpamcfg -1 -v`
			`mv .yubico/ /home/forksand/`
			`chown -R forksand:forksand /home/forksand/.yubico/`
yubikey setup 7 years ago
			`# Install:`
			`apt install libpam-yubico`

yubikey workstation setup 7 years ago			`vim /etc/pam.d/common-auth`
yubikey setup 7 years ago			`# Set pam config to just have these lines:`
			`auth required pam_yubico.so mode=challenge-response`
			`auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass`
			`auth requisite pam_deny.so`
			`auth required pam_permit.so`
			`auth optional pam_cap.so`
yubikey workstation setup 7 years ago