Adding U2F to Your Login in Ubuntu!
So I wrote this a few years ago for Ubuntu and it’s pretty useful, so I ported it over from my old blog. I have performed this configuration for Arch Linux as well and frankly I should write a blog about it, because it was a little fiddly. Anyway, here’s the old blog.

So one thing I really appreciate about Yubikeys is that they force the issue of security. They are a discrete, physical second factor. Don’t have your Yubikey? Good luck getting on to the system. This isn’t to say that somehow the Yubikey (or similar U2F-capable devices) will secure everything under the sun, and let’s be real, there are always going to be side channel attacks, but the point of any endeavor in security is to delay a sufficiently motivated attacker until they A) get caught, or B) lose motivation.

Traditionally, setting up second factor authentication on end-user boxes has been a bit of a pain, requiring an agent (such as the old Windows Yubico agent that relied on an HMAC challenge-response setup) or some other sort of implementation. Because of the nature of PAM this ties right in, and because it’s using FIDO2 it should be good to use for the foreseeable future. ...