title: How to install and configure the yubikey-pam module on archlinux --- body: ![](yubico.jpg) Not so long ago I've been gifted with a Yubikey. It's a two-auth hardware solution with multiple auth methods (OTP, Challenge-response, OATH-HOTP and static password). It easily scaled to one of my favourite and most useful gadgets. I've been a google authenticator user for a while, but the yubikey is just much easier to work with: when configured, you only need to tap a button on the usb stick to generate your key. You can use this in many ways, but in this post I'm focusing on ssh authentication and how to install the yubico-pam module into an Arch installation. ## Installing the required packages Thanks to the awesome arch community we already have the needed packages on the AUR, these are: [yubico-pam- git](https://aur.archlinux.org/packages/yubico-pam-git/), [yubico-c-client- git](https://aur.archlinux.org/packages/yubico-c-client-git/), [yubikey- personalization-git](https://aur.archlinux.org/packages/yubikey- personalization-git/) and [libyubikey](https://aur.archlinux.org/packages/libyubikey/). Keep in mind that you _may_ need to install more packages depending on your system installation. You can install that with your favourite AUR helper or using `makepkg`: ``` text $ curl -O https://aur.archlinux.org/packages/li/libyubikey/libyubikey.tar.gz $ tar xvzf libyubikey.tar.gz $ cd libyubikey $ makepkg PKGBUILD # ... $ sudo pacman -U libyubikey-1.10-2-x86_64.pkg.tar.xz ``` Repeat that step for all the packages, in order: _libyubikey_, _yubico-c- client_, _yubikey-personalization_ and _yubico-pam_. If you have trouble installing from the AUR [refer to the appropiate wiki page](https://wiki.archlinux.org/index.php/AUR#Installing_packages). ## Configure the PAM module Edit `/etc/pam.d/sshd` and add on top on the rest of the auth modules: ``` text auth sufficient pam_yubico.so id=XXXX key=XXXX ``` You can obtain an ID/key conbination by registering your yubikey [at this page](https://upgrade.yubico.com/getapikey/). ## Authorization methods ### Individual authorization mapping If your server have multiple users this is the easiest method to let them configure their yubikeys. You just need to create the file `$HOME/.yubico/authorized_yubikeys` with the following contents: ``` text :[::[::[: