You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
sudo yubikey-personalization-gui
|
|
|
|
Use:
|
|
|
|
- HMAC-SHA1
|
|
|
|
- Configuration slot 1
|
|
|
|
- Require user input (button press, optional)
|
|
|
|
- Yubikey unprotected (keep it that way)
|
|
|
|
- Click <Generate>
|
|
|
|
Set it to use challenge response (no password):
|
|
|
|
sudo su -
|
|
|
|
#ykpersonalize -1 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
|
|
|
|
mkdir ~/.yubico
|
|
|
|
ykpamcfg -1 -v
|
|
|
|
mv .yubico/ /home/forksand/
|
|
|
|
chown -R forksand:forksand /home/forksand/.yubico/
|
|
|
|
|
|
|
|
# Install:
|
|
|
|
apt install libpam-yubico
|
|
|
|
|
|
|
|
vim /etc/pam.d/common-auth
|
|
|
|
# Set pam config to just have these lines:
|
|
|
|
auth required pam_yubico.so mode=challenge-response
|
|
|
|
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
|
|
|
|
auth requisite pam_deny.so
|
|
|
|
auth required pam_permit.so
|
|
|
|
auth optional pam_cap.so
|
|
|
|
|