Enabling U2F authentication in PAM
Yubico (the producers of YubiKey) created a U2F module for PAM, and we're gonna use it. Most likely it's in the package db of your distro of choice.
In order to activate the module, you'll need to modify either
/etc/pam.conf or a file in the
The format is as follows
<interface> <control flag> <module name> <module arguments...>
Most likely your distro has a PAM config file in
/etc/pam.d/ that's named something like
common-auth, and in that file there should be a line that looks similar to
auth required pam_unix.so
and in order to activate u2f, we add a line like
auth sufficient pam_u2f.so cue
after you write to the file, make sure you keep a tty open, just in case.
Then try to log in through a different tty. The result should be something like;
hostname login: username Password: Please touch the device. $
If you don't want to be prompted to touch the device, remove the
cue argument in the config file.