Using a Yubikey to authenticate to a Gentoo system

Other languages

Very rough:

  • add my overlay
  • un-keyword the needed packages, for example by writing this to /etc/portage/package.accept_keywords/yubikey:
  • install pam_u2f

    There's still a weird problem in that ebuild, it puts the library in the wrong directory. You may need to cp /lib/x86_64-linux-gnu/security/ /lib64/security

  • add at the top of /etc/pam.d/system-login:
    auth  required
  • run, as each user on your machine:
    mkdir -p ~/config/Yubico
    pamu2fcfg -u${USER} -opam://$(hostname) -ipam://$(hostname) \
      >> ~/config/Yubico/u2f_keys
  • Done. Now you'll need to touch your Yubikey every time you login, after you type the username but before you type the password. See the pam_u2f documentation for further details.


By declaring that pam_u2f is "required", you're saying that the Yubikey is necessary in addition to your password. If you want to just use the Yubikey, write sufficient instead.

DatesCreated: 2015-11-29 13:30:11 Last modification: 2015-11-29 14:22:58