I hereby claim:
- I am vincentbockaert on github.
- I am vincentbockaert (https://keybase.io/vincentbockaert) on keybase.
- I have a public key ASCmdGWZqElaR93s9a_wo4YhlFfwk2fVVk88MKDFxUGs5wo
To claim this, I am signing this object:
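```bash
#!/bin/bash
# Build the Sectigo CNAME key/value pair from hashes of the DER-encoded CSR.
read -r -p "Enter the PEM cert: " pem_cert  # NOTE: not used below; the CSR is read from cert.csr
tempfile=$(mktemp)
# Convert the PEM CSR to DER so the hashes are taken over the binary encoding.
openssl req -in cert.csr -out "$tempfile" -outform DER
# CNAME key: "_" followed by the MD5 of the DER file.
acme_sectigo_cname_key=$(md5sum "$tempfile" | awk '{print "_"$1}')
# CNAME value: SHA-256 of the DER file split into two 32-character labels, plus ".sectigo.com."
acme_sectigo_cname_value=$(sha256sum "$tempfile" | awk '{print substr($1,1,32) "." substr($1,33,32) ".sectigo.com."}')
```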
Goal: enable passwordless authentication for our logins as well as privilege escalations (sudo). Alternatively, you can change "sufficient" to "required" in the PAM-file edits to require your Yubikey on top of your password.
⚠️ Messing around in PAM files is hazardous, especially when going the "required" route: be sure not to lock yourself out (keep a failsafe terminal at the ready, and use 2 Yubikeys if you want to require the usage of a Yubikey)!
Note: this should also work with other WebAuthn-capable devices, but I haven't been able to test this.