Yubikey – Switch between primary authentication and secondary

Intended for use under Linux, this bash script lets you change how your Yubikey is used to authenticate on your device. It can be used as the primary authentication method or changed to a 2nd factor authentication step for increased security.

    a2fa.sh usage examples

    This script switches the active authentication setup between using the Yubikey as the primary authentication method and using it as a 2nd factor.

    Cloning the repository

    git clone git@gitlab.com:oddineers-public/linux-helper-scripts.git
    cd linux-helper-scripts/yubikey

    Supported arguments

    cd <path-to-scripts>
    
    # Authenticate with Yubikey (./ is needed because sudo does not search the current directory)
    sudo ./a2fa.sh auth
    
    # Use Yubikey as 2nd factor authentication
    sudo ./a2fa.sh 2fa
    
    # OR
    
    # Authenticate with Yubikey
    sudo <path-to-scripts>/a2fa.sh auth
    
    # Use Yubikey as 2nd factor authentication
    sudo <path-to-scripts>/a2fa.sh 2fa

    If installed, run from the local bin:

    # Authenticate with Yubikey
    sudo a2fa auth
    
    # Use Yubikey as 2nd factor authentication
    sudo a2fa 2fa

    Installation

    sudo mv a2fa.sh /usr/local/bin/a2fa

    Uninstallation

    sudo rm -f /usr/local/bin/a2fa

    Source Reference

    #!/bin/bash
    
    # Ensure pamu2fcfg is installed (command -v only needs the command name)
    if ! command -v pamu2fcfg &> /dev/null; then
        echo "pamu2fcfg could not be found. Please ensure these packages are installed: pam-u2f pamu2fcfg yubikey-manager"
        exit 1
    fi
    
    # Function to perform authselect operation
    perform_authselect() {
        local mode=$1
        local message=$2
        # Elevate with sudo if the script is not already running as root,
        # and branch directly on the exit status of authselect
        if sudo authselect select sssd "$mode" without-nullok > /dev/null 2>&1; then
            echo "$message"
        else
            echo "Failed to update authentication settings to $mode."
            exit 1
        fi
    }
    
    case "$1" in
        auth)
            perform_authselect "with-pam-u2f" "Authentication settings updated to use Yubikey as auth successfully."
            ;;
        2fa)
            perform_authselect "with-pam-u2f-2fa" "Authentication settings updated to use Yubikey as 2FA successfully."
            ;;
        *)
            echo "Invalid argument: $1"
            echo "Usage: $0 {auth|2fa}"
            exit 1
            ;;
    esac
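
The script above switches the enabled authselect feature but discards authselect's output. As an added example (not part of the original script), this read-only check reports which Yubikey feature `authselect current` shows as enabled and whether a key is enrolled for the user. The sample output is constructed, the function names are hypothetical, and the key file path is pam_u2f's default, assumed here.

```bash
#!/bin/bash
# Added example (not part of a2fa.sh): read-only checks around a mode switch.

# Read `authselect current` output on stdin and print which Yubikey feature
# is enabled: "auth" (with-pam-u2f), "2fa" (with-pam-u2f-2fa), "both" or "none".
yubikey_mode() {
    local line auth=0 twofa=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "- with-pam-u2f")     auth=1 ;;
            "- with-pam-u2f-2fa") twofa=1 ;;
        esac
    done
    if [ "$auth" -eq 1 ] && [ "$twofa" -eq 1 ]; then echo "both"
    elif [ "$auth" -eq 1 ]; then echo "auth"
    elif [ "$twofa" -eq 1 ]; then echo "2fa"
    else echo "none"
    fi
}

# Succeed only if the pam_u2f key file holds a non-empty entry for the user.
# pamu2fcfg writes one line per user: "username:credential[:credential...]".
has_enrolled_key() {
    local user=$1 keyfile=$2
    [ -r "$keyfile" ] || return 1
    awk -F: -v u="$user" '$1 == u && $2 != "" { found = 1 } END { exit !found }' "$keyfile"
}

# Constructed sample of `authselect current` output after "a2fa 2fa".
SAMPLE_CURRENT='Profile ID: sssd
Enabled features:
- with-pam-u2f-2fa
- without-nullok'

# With --live, inspect the real system; the key file path is pam_u2f's default
# and is an assumption (an authfile= option in the PAM stack overrides it).
if [ "${1:-}" = "--live" ]; then
    keyfile="${XDG_CONFIG_HOME:-$HOME/.config}/Yubico/u2f_keys"
    echo "Active Yubikey mode: $(authselect current | yubikey_mode)"
    if has_enrolled_key "$USER" "$keyfile"; then
        echo "Key enrolled for $USER in $keyfile"
    else
        echo "No key enrolled for $USER in $keyfile" >&2
        exit 1
    fi
else
    echo "Sample mode: $(printf '%s\n' "$SAMPLE_CURRENT" | yubikey_mode)"
fi
```

Run it with `--live` as the login user, without sudo, so that `$USER` and `$HOME` refer to the account being checked.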