yubikey login on helium

This allows me to login and sudo with *either* a password or my yubikey. I also had to setup my yubikey with the instructions here: https://nixos.wiki/wiki/Yubikey#Logging-in Basically use ykman and ykpamcfg to generate a challenge-response setup on slot 2 of my yubikey. The pam config compares the key response with the ~/.yubico/challenge-* file in order to authenticate. I think pam uses the ~/.yubico/authorized_keys file to know to which yubikey to send the challenge, but I'm not sure on that one.
author: Ben Sima <ben@bsima.me> 2022-01-31 16:45:55 -0500
committer: Ben Sima <ben@bsima.me> 2022-01-31 16:45:55 -0500
commit: e18ad25efd2768e597aaa9f94071ed47cb65803f (patch)
tree: 49acc2974cdfde65d35328563134ce12cb0369b3 /lib/authorized_yubikeys
parent: a3be270668ae5780f3ef0437b088870ebbf8e011 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/authorized_yubikeys b/lib/authorized_yubikeys
new file mode 100644
index 0000000..9e4c5a6
--- /dev/null
+++ b/lib/authorized_yubikeys
@@ -0,0 +1 @@
+ben:cccccchklur
author	Ben Sima <ben@bsima.me>	2022-01-31 16:45:55 -0500
committer	Ben Sima <ben@bsima.me>	2022-01-31 16:45:55 -0500
commit	e18ad25efd2768e597aaa9f94071ed47cb65803f (patch)
tree	49acc2974cdfde65d35328563134ce12cb0369b3 /lib/authorized_yubikeys
parent	a3be270668ae5780f3ef0437b088870ebbf8e011 (diff)