Created Sep 18, 2015
Let's set up two-step verification on Linux, too, with a YubiKey NEO! ref:
$ packer -S yubikey-personalization yubikey-personalization-gui yubikey-neo-manager
$ yubikey-personalization-gui
$ ssh -YC ma2@xxxxxxx
Authenticated with partial success.
YubiKey for `ma2':
auth sufficient pam_yubico.so mode=challenge-response chalresp_path=/etc/yubico
$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
Commit? (y/n) [n]: y
$ mkdir $HOME/.yubico
$ ykpamcfg -2 -v
Stored initial challenge and expected response in '/home/user/.yubico/challenge-123456'.
$ mkdir /etc/yubico
$ chmod 777 /etc/yubico
# Set the sticky bit last: a numeric chmod 777 run after it would clear the bit again
$ chmod +t /etc/yubico
$ mv /home/user/.yubico/challenge-####### /etc/yubico/username-#######
auth required pam_u2f.so authfile=/etc/u2f_mappings
$ pamu2fcfg -u <username>
$ sudo ls
Please touch the device.
$ udevadm monitor --environment --udev
$ neoman
# Yubikey Udev Rule: running a bash script in case your Yubikey is removed
ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0116", ENV{ID_SERIAL_SHORT}=="00000000000", RUN+="/usr/local/bin/yubikey-lock"
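#!/bin/bash
# /usr/local/bin/yubikey-lock: lock the desktop session when no YubiKey is attached
# First non-root user that owns a GDM X session
user=`ps aux | grep -v root | grep gdm-x-session | head -n 1 | awk '{print $1}'`
sessionid=`/bin/loginctl list-sessions | grep ${user} | awk '{print $1}'`
if [ -z "$(lsusb | grep Yubico)" ]; then
    logger "YubiKey Removed"
    /bin/loginctl lock-session $sessionid
fi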
$ packer -S yubico-pam pam_u2f
auth sufficient pam_yubico.so id={Your ID} key={Your Key} authfile=/etc/yubikey_mappings
<first user name>:<Yubikey token ID1>:<Yubikey token ID2>:….
<second user name>:<Yubikey token ID3>:<Yubikey token ID4>:….
$ cccccccgklgcvnkcvnnegrnhgrjkhlkfhdkclfncvlgj
bash: cccccccgklgcvnkcvnnegrnhgrjkhlkfhdkclfncvlgj: command not found
`Modhex encoded: XXXXXXX`
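The token ID that goes into /etc/yubikey_mappings is the first 12 characters of an OTP such as the one typed into the shell above. The following is an added example, not part of the original gist, that validates OTPs and builds one mappings line; the function names and the second OTP are made up for illustration, and it assumes the default OTP layout (12-character public ID plus 32-character one-time part).

```shell
#!/bin/sh
# Added example: derive /etc/yubikey_mappings entries from Yubico OTPs.
# Assumption: default layout, 12-char public ID + 32-char one-time part,
# all written in modhex (alphabet: cbdefghijklnrtuv).

# Print the 12-character token ID of one OTP; return 1 if it is malformed.
yk_token_id() {
    otp=$1
    # Reject empty input and anything outside the modhex alphabet.
    case $otp in
        ''|*[!cbdefghijklnrtuv]*) return 1 ;;
    esac
    # A default-length OTP is exactly 44 characters.
    [ "${#otp}" -eq 44 ] || return 1
    printf '%.12s\n' "$otp"
}

# Build one line "<user>:<token ID1>:<token ID2>...".
# Usage: yk_mapping_line USER OTP [OTP...]
yk_mapping_line() {
    user=$1
    # The user name must not be empty or contain the field separator.
    case $user in ''|*:*) return 1 ;; esac
    shift
    [ "$#" -ge 1 ] || return 1
    ids=
    for o in "$@"; do
        id=$(yk_token_id "$o") || return 1
        # Skip a key that is already listed (same key touched twice).
        case ":$ids:" in *":$id:"*) continue ;; esac
        ids="${ids:+$ids:}$id"
    done
    printf '%s:%s\n' "$user" "$ids"
}

# OTP shown on this page, plus a constructed second OTP for a backup key.
PAGE_OTP=cccccccgklgcvnkcvnnegrnhgrjkhlkfhdkclfncvlgj
FAKE_OTP=ccccccdefghijklnrtuvcbdefghijklnrtuvcbdefghi
yk_mapping_line ma2 "$PAGE_OTP" "$FAKE_OTP"
```

Review the printed line before appending it to /etc/yubikey_mappings; a pasted OTP that was truncated or typed with the wrong keyboard layout is rejected instead of producing a wrong token ID.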
auth required pam_yubico.so id=xxxxxx key=xxxxxxxxxxxxxxxxxxxxxx authfile=/etc/yubikey_mappings
auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login
UsePAM yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive