Enable Yubikey Two-Factor Authentication for SSH

cd ~
mkdir .yubico
sudo aptitude install autoconf libtool libusb-1.0-0-dev libcurl4-openssl-dev libpam-dev
sudo aptitude install build-essential

wget https://github.com/Yubico/yubico-c-client/tarball/master
tar zxvf master
cd Yubico-yubico-c-client-*
sudo autoreconf --install
sudo ./configure
sudo make
sudo make install
cd ..
/bin/rm master


wget https://github.com/Yubico/yubico-c/tarball/master
tar zxvf master
cd Yubico-yubico-c-*
sudo autoreconf --install
sudo ./configure
sudo make
sudo make install
cd ..
/bin/rm master


wget https://github.com/Yubico/yubikey-personalization/tarball/master
tar zxvf master
cd Yubico-yubikey-personalization-*
sudo autoreconf --install
sudo ./configure
sudo make
sudo make install
cd ..
/bin/rm master


wget https://github.com/Yubico/yubico-pam/tarball/master
tar zxvf master
cd Yubico-yubico-pam-*
sudo autoreconf --install
sudo ./configure
sudo make
sudo make install
cd ..
/bin/rm master


# Get an API key and passwd from https://upgrade.yubico.com/getapikey/
sudo nano /etc/pam.d/sshd # Find PAM configuration and add:
auth required pam_yubico.so id= key= debug


sudo nano /etc/pam.d/common-auth
# add "debug try_first_pass" to end of auth string


sudo nano /etc/ssh/sshd_config
# ensure PasswordAuthention yes and ChallengeResponseAuthentication no

sudo mv /usr/local/lib/security/pam_yubico.so /lib/security

nano ~/yubico/authorized_yubikeys
# The Yubikey id is the first 12 characters of a one-time-password generated by the Yubikey.
# syntax: username:12-char-yubikey-id

sudo touch /var/run/pam-debug.log
chmod go+w /var/run/pam-debug.log
sudo service ssh restart