Yubikey Login / Sudo - Githubissues

nixpulvis / dotfiles

My personal dotfiles, using fish, i3 and much more.

4 stars 4 forks source link

Yubikey Login / Sudo #91

Open nixpulvis opened 1 year ago

nixpulvis commented 1 year ago

It would be nice to be able to login as a user and perform sudo as that user with special yubikey options.

Right now, log in looks like this (after already typing in the FDE key):

hostname login: username
password: ...

Wayland loads...
Open terminal
Execute sudo netctl start ...
- password: ...

It should be:

hostname login: username
password:
<insert-sc>
<authorized>

Wayland loads...
Open terminal
Execute sudo netctl start ...

nixpulvis commented 1 year ago

pamu2fcfg -o pam://hostname -i pam://hostname > ~/.config/Yubico/u2f_keys

$ cat /etc/pam.d/login

auth sufficient pam_u2f.so nouserok origin=pam://hostname appid=pam://hostname

$ cat /etc/pam.d/sudo

auth            sufficient      pam_u2f.so cue origin=pam://hostname appid=pam://hostname

nixpulvis commented 1 year ago

Userland should be passwordless, root is behind traditional high security controls w/ smartcard-like physical hardwired key as an optional method to speed up the process.