- Guide for Ubuntu: https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F
- Guide for Fedora: https://github.com/Zer0CoolX/Fedora-KDE-Yubikey-U2F-2FA-Logins-Guide/blob/master/README.md
- https://www.aukfood.fr/yubikey-parametrage-authentification-linux/
# Generate the u2f keys/config
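```bash
# Register the key for the current user, then for root (each command waits for a touch on the key)
pamu2fcfg -u "$(whoami)" -opam://$HOSTNAME -ipam://$HOSTNAME > ~/u2f_keys
pamu2fcfg -u root -opam://$HOSTNAME -ipam://$HOSTNAME >> ~/u2f_keys
# Move the file before becoming root: inside `sudo -i`, ~ is root's home, not yours
sudo mkdir -p /etc/Yubico/
sudo mv ~/u2f_keys /etc/Yubico/
# Make root the owner so that users cannot edit the key mappings
sudo chown root:root /etc/Yubico/u2f_keys
sudo -i
# Insert the pam_u2f rule just before pam_env.so, dropping any earlier pam_u2f line
grep -v "pam_u2f.so" /usr/lib/pam.d/common-auth \
| sed "/auth\s*required\s*pam_env.so/i auth sufficient pam_u2f.so origin=pam://$HOSTNAME appid=pam://$HOSTNAME authfile=/etc/Yubico/u2f_keys cue [cue_prompt=🔐 Waiting for U2F key...]" \
> tmp_common_auth
# Keep this root shell open until sudo has been tested from another terminal
rm /etc/pam.d/common-auth
mv tmp_common_auth /etc/pam.d/common-auth
```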
`/etc/pam.d/common-auth` should now look like this (with `$HOSTNAME` replaced by its value):

```
# [...]
auth sufficient pam_u2f.so origin=pam://$HOSTNAME appid=pam://$HOSTNAME authfile=/etc/Yubico/u2f_keys cue [cue_prompt=🔐 Waiting for U2F key...]
auth required pam_env.so
auth required pam_unix.so try_first_pass
# [...]
```
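Et voilà, you can now use sudo without typing your password. Note that this also works with polkit (the GUI sudo prompt)! Because the `pam_u2f.so` rule is `sufficient`, a touch on the key is accepted in place of the password; if the key is not presented, PAM continues to `pam_unix.so` and asks for the password as before.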
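A way to check the result before closing the root shell, as an added example that is not part of the original guide: it parses an auth stack (including PAM's `[...]` quoting used by `cue_prompt`), reports whether the key replaces or supplements the password, and flags an `origin`/`appid` that differs from the one passed to `pamu2fcfg` or a user missing from the authfile. The host name `myhost`, the user `alice`, the credential placeholders and the function names are assumptions.

```python
import re

# Constructed sample: this page's stack with $HOSTNAME expanded to the made-up name "myhost".
STACK = """\
auth sufficient pam_u2f.so origin=pam://myhost appid=pam://myhost authfile=/etc/Yubico/u2f_keys cue [cue_prompt=Waiting for U2F key...]
auth required pam_env.so
auth required pam_unix.so try_first_pass
"""
# Constructed authfile: one "user:credential" line per user, credentials are placeholders.
AUTHFILE = "alice:HANDLE,PUBKEY,es256,+presence\nroot:HANDLE,PUBKEY,es256,+presence\n"

# PAM wraps a control or argument that contains spaces in [...]; everything else is a bare word.
TOKEN = re.compile(r"\[([^\]]*)\]|(\S+)")

def parse_stack(text):
    """Return (type, control, module, args) per rule; args maps name -> value ('' for flags)."""
    rules = []
    for line in text.splitlines():
        toks = [a or b for a, b in TOKEN.findall(line.split("#", 1)[0])]
        if len(toks) >= 3:
            args = dict(t.partition("=")[::2] for t in toks[3:])
            rules.append((toks[0], toks[1], toks[2], args))
    return rules

def audit(stack, authfile, users, origin):
    """Return (mode, problems) for the pam_u2f rule in an auth stack."""
    auth = [r for r in parse_stack(stack) if r[0] == "auth"]
    mods = [r[2] for r in auth]
    if "pam_u2f.so" not in mods:
        return "password only", ["no pam_u2f.so rule in the auth stack"]
    pos = mods.index("pam_u2f.so")
    _, control, _, args = auth[pos]
    # "sufficient" ends the stack on success, so the key stands in for the password.
    modes = {"sufficient": "key or password", "required": "key and password", "requisite": "key and password"}
    mode = modes.get(control, "custom control, review by hand")
    problems = []
    if control == "sufficient" and "pam_unix.so" in mods[:pos]:
        problems.append("pam_u2f.so is after pam_unix.so, so the password is still required")
    for name in ("origin", "appid"):
        if args.get(name) != origin:
            problems.append(f"{name}={args.get(name)} differs from registered {origin}")
    enrolled = {l.split(":", 1)[0] for l in authfile.splitlines() if ":" in l}
    for user in sorted(set(users) - enrolled):
        problems.append(f"{user} has no line in {args.get('authfile')}")
    return mode, problems

if __name__ == "__main__":
    print(audit(STACK, AUTHFILE, ["alice", "root"], "pam://myhost"))
```

On a real system, pass the contents of `/etc/pam.d/common-auth` and `/etc/Yubico/u2f_keys` instead of the constructed samples.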