Yubikey personal login to your computer with use of PAM and U2F.
Example for NixOS
NixOS relevant options (/etc/nixos/configuration.nix):
{
security.pam.services.login.u2fAuth = true;
security.pam.services.lightdm.u2fAuth = true;
security.pam.services.slock.u2fAuth = true;
}
mkdir ~/.config/Yubico
pamu2fcfg > ~/.config/Yubico/u2f_keys
Rebuild.
Example for Ubuntu
mkdir ~/.config/Yubico
pamu2fcfg > ~/.config/Yubico/u2f_keys
First, create a command, then add a udev rule to execute it on Yubikey removal.
Create new file /usr/bin/lockscreen-all with content:
#!/usr/bin/env bash
if [ -z "$(lsusb | grep Yubico)" ]; then
loginctl list-sessions | grep '^\ ' | awk '{print $1}' | xargs -i loginctl lock-session '{}'
fi
Make it executable:
chmod +x /usr/bin/lockscreen-all
This is for Yubikey 4.
{
services.udev.extraRules = ''
ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", RUN+="/usr/bin/lockscreen-all"
'';
}
This is for Yubikey 4.
Create new file /etc/udev/rules.d/99-remove-yubikey.rules with content:
ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", RUN+="/usr/bin/lockscreen-all"