This is for setting up a Yubico Passwordless Login with Linux.
This has also been tested on Ubuntu and Raspberry Pi OS.
This setup is not for the Yubico key's alone and can be used with other FIDO keys.
This is a fairly straight forward implementation.
After this installation the key isn't required but the software will be a sufficient
attempt and if the key isn't available then the password is required. It even gives the key option during sudo access.
Please keep in mind that I did not come up with all of the information from this but did copy a large portion of it from AskUbuntu
This is a modification on the original Yubico instructions found here.
sudo apt install libpam-u2f -y
Run this for each user. Update USERNAME
with the username of the appropriate user.
This script is contained in buttonpress.sh
.
sudo -v
echo Enter the PIN if required then Press the button
sudo sh -c "pamu2fcfg -u USERNAME >> /etc/u2f_mappings"
The /etc/u2f_mappings
file is going to need to be edited
sudo nano /etc/u2f_mappings
Note these things when editing the file
- Each user should have it's own line in the file
- Single user with multiple keys is layed out
USERNAME:KEY:KEY:KEY
Run update-mapping.sh
.
- It does modify key authentication files for your system
- Run only once.