Skip to content

Latest commit

 

History

History
51 lines (35 loc) · 1.76 KB

File metadata and controls

51 lines (35 loc) · 1.76 KB

Yubico Passwordless Ubuntu Login

This is for setting up a Yubico Passwordless Login with Linux.

This has also been tested on Ubuntu and Raspberry Pi OS.

This setup is not for the Yubico key's alone and can be used with other FIDO keys.

This is a fairly straight forward implementation.

After this installation the key isn't required but the software will be a sufficient attempt and if the key isn't available then the password is required. It even gives the key option during sudo access.

Please keep in mind that I did not come up with all of the information from this but did copy a large portion of it from AskUbuntu

This is a modification on the original Yubico instructions found here.

Install needed software to interface with the Yubico Key

sudo apt install libpam-u2f -y

Create a mappings file

Run this for each user. Update USERNAME with the username of the appropriate user. This script is contained in buttonpress.sh.

sudo -v
echo Enter the PIN if required then Press the button
sudo sh -c "pamu2fcfg -u USERNAME >> /etc/u2f_mappings"

Modify the file

The /etc/u2f_mappings file is going to need to be edited

sudo nano /etc/u2f_mappings

Note these things when editing the file

  • Each user should have it's own line in the file
  • Single user with multiple keys is layed out
    • USERNAME:KEY:KEY:KEY

This finalizes the installation

Run update-mapping.sh.

  • It does modify key authentication files for your system
  • Run only once.

Enjoy

If anyone wants to contribute please reach out.