Adding Yubikey as Passwordless Sudo on Arch Linux
Sun 03 December 20231. Install required software for your yubikey
yay -S yubikey-manager yubikeymanager-qt pam-u2f
2. Create an u2f mappings file
pamu2fcfg | sudo tee -a /etc/u2f_mappings
3. Create common-u2f file in /etc/pam.d
echo >> /etc/u2f_mappings
cd /etc/pam.d
echo 'auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue' > common-u2f
4. At this point you are about to make changes to your auth system.
For safety, you need to have another TTY open with sudo permissions already granted, so you can roll back changes if necessary.
Do so by using control+alt+f3 (change the f key depending on your tty config). Login and type sudo su to get an elevated prompt.
5. Add this line
auth include common-u2f
into to your /etc/pam.d/system-auth file directly in between the systemd and unix checks like this:
# this checks for existing auth
auth [success=2 default=ignore] pam_systemd_home.so
# if not found use u2f if it is plugged in
auth include common-u2f
# if no u2f then login normally with password
auth [success=1 default=bad] pam_unix.so try_first_pass nullok
6. Test it out and make sure that it works in a new TTY or terminal window!