Can biometric be replaced by a Yubikey as 2F?

George1pwGeorge1pw
Community Member

Hello,

Can anyone confirm it is possible to use a Yubikey instead of a biometric to use as second factor with the SSH-Agent?
My T480 still has a lot of millage in it, but unfortunately the fingerprint sensor is not supported in any Linux distro. I followed the instructions on https://developer.1password.com/docs/ssh/ but nothing seems to happen.

I use a key as 2FA when logging in or using sudo. common_auth contains the line

auth required pam_u2f.so nouserok authfile=/etc/u2f_keys cue

Thanks,

George


1Password Version: 8.9.8
Extension Version: Not Provided
OS Version: Ubuntu 22.04
Browser:_ Not Provided

Comments

  • George1pwGeorge1pw
    Community Member

    Short answer: yes, it can.
    A magical reboot solved everything.

  • sitepodmattsitepodmatt
    Community Member

    The incessant prompting due to "new process always require approval" for those that don't have a stable terminal jump pad - tmux et al.. is driving me insane.

    Can you advise which YubiKey you purchased? And once inserted there nothing else I need to do - the prompt resolves automatically without intervention?

  • Jack.P_1PJack.P_1P

    Team Member

    Hey @sitepodmatt:

    The 1Password SSH agent uses system authentication. On Linux, that would require adding an additional PAM module for the authentication method you're looking for. It's important to keep in mind that even with a different PAM module, you'll still need to take action to confirm the request.

    Jack

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file