ben/cfg.git/lib/authorized_yubikeys, branch master my dotfiles, via nix and home-manager yubikey login on helium 2022-01-31T21:45:55+00:00 Ben Sima ben@bsima.me 2022-01-31T21:45:55+00:00 e18ad25efd2768e597aaa9f94071ed47cb65803f This allows me to login and sudo with *either* a password or my yubikey. I also had to setup my yubikey with the instructions here: https://nixos.wiki/wiki/Yubikey#Logging-in Basically use ykman and ykpamcfg to generate a challenge-response setup on slot 2 of my yubikey. The pam config compares the key response with the ~/.yubico/challenge-* file in order to authenticate. I think pam uses the ~/.yubico/authorized_keys file to know to which yubikey to send the challenge, but I'm not sure on that one. 
This allows me to login and sudo with *either* a password or my yubikey.

I also had to setup my yubikey with the instructions here:
https://nixos.wiki/wiki/Yubikey#Logging-in

Basically use ykman and ykpamcfg to generate a challenge-response setup
on slot 2 of my yubikey. The pam config compares the key response with
the ~/.yubico/challenge-* file in order to authenticate. I think pam
uses the ~/.yubico/authorized_keys file to know to which yubikey to send
the challenge, but I'm not sure on that one.