Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

George1pw's avatar
George1pw
Occasional Contributor
3 years ago

Can biometric be replaced by a Yubikey as 2F?

Hello,

Can anyone confirm it is possible to use a Yubikey instead of a biometric to use as second factor with the SSH-Agent?
My T480 still has a lot of millage in it, but unfortunately the fingerprint sensor is not supported in any Linux distro. I followed the instructions on https://developer.1password.com/docs/ssh/ but nothing seems to happen.

I use a key as 2FA when logging in or using sudo. common_auth contains the line

auth required pam_u2f.so nouserok authfile=/etc/u2f_keys cue

Thanks,

George


1Password Version: 8.9.8
Extension Version: Not Provided
OS Version: Ubuntu 22.04
Browser:_ Not Provided

  • George1pw's avatar
    George1pw
    Occasional Contributor

    Short answer: yes, it can.
    A magical reboot solved everything.

  • Former Member's avatar
    Former Member

    The incessant prompting due to "new process always require approval" for those that don't have a stable terminal jump pad - tmux et al.. is driving me insane.

    Can you advise which YubiKey you purchased? And once inserted there nothing else I need to do - the prompt resolves automatically without intervention?

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team

    Hey @sitepodmatt:

    The 1Password SSH agent uses system authentication. On Linux, that would require adding an additional PAM module for the authentication method you're looking for. It's important to keep in mind that even with a different PAM module, you'll still need to take action to confirm the request.

    Jack