the grand idea
I like public key auth. I feel safer using them instead of a username and password login. But, I might not have my private key with me at a time where I need access.
I started using yubikey with LastPass and since I have it always on my keychain, I decided to find more ways to make use of it.
I wasn't originally aware, but if you pass a private key to ssh and sshd is configured to accept a key, it appears pam isn't used. Your authorized keys are checked and you are logged in. If you don't pass a private key, ssh falls back to the more standard un*x style login found in
/etc/pam.d/sshd. This is where we'll add the yubikey pam. I am currently unaware of a way to use both public key auth and yubikey for login.
These steps worked for me on debian squeeze/wheezy.
more info at the yubico-pam github repo