yubi key and pam_u2f

Posted on 2026-06-25 In Notes

install pam_u2f

1	sudo dnf install pam-u2f pamu2fcfg

insert yubi key and run:

1 2	mkdir -p ~/.config/Yubico pamu2fcfg > ~/.config/Yubico/u2f_keys

Touch the key to approve the creation of credential.

Check the current authselect profile:

1	sudo authselect current

add u2f to authselect profile:

1	sudo authselect select local with-pam-u2f

Note: local is the profile ID from current authselect.

Apply:

1	sudo authselect apply-changes

By default Yubi key prints a OTP code when touched. I don’t use that feature, so I can disable it:

1 2	ykman config usb --disable OTP ykman info

This config writes to the key.