Can biometric be replaced by a Yubikey as 2F?

George1pw
George1pw
Community Member
in SSH

Hello,

Can anyone confirm it is possible to use a Yubikey instead of a biometric to use as second factor with the SSH-Agent?
My T480 still has a lot of millage in it, but unfortunately the fingerprint sensor is not supported in any Linux distro. I followed the instructions on https://developer.1password.com/docs/ssh/ but nothing seems to happen.

I use a key as 2FA when logging in or using sudo. common_auth contains the line

auth required pam_u2f.so nouserok authfile=/etc/u2f_keys cue

Thanks,

George

1Password Version: 8.9.8
Extension Version: Not Provided
OS Version: Ubuntu 22.04
Browser:_ Not Provided

Comments

  • George1pw
    George1pw
    Community Member

    Short answer: yes, it can.
    A magical reboot solved everything.

  • Unknown
    Unknown
    This content has been removed.
  • Jack.P_1P
    Jack.P_1P

    Hey @sitepodmatt:

    The 1Password SSH agent uses system authentication. On Linux, that would require adding an additional PAM module for the authentication method you're looking for. It's important to keep in mind that even with a different PAM module, you'll still need to take action to confirm the request.

    Jack

This discussion has been closed.