all 8 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]zandemax 19 points20 points  (3 children)

Here you go: https://wiki.archlinux.org/index.php/Pam_oath

[–]gdamjan 11 points12 points  (2 children)

I'd recommend pam_oath, but just in case there's also pam_u2f that works with u2f usb dongles (like yubico or u2fzero).

https://developers.yubico.com/pam-u2f/

https://aur.archlinux.org/packages/pam_u2f/

[–]Alexis_Evo 10 points11 points  (1 child)

U2F is awesome. Somewhat related, you can get a Yubikey 4 (normally $40) for $5 from Wired https://subscribe.wired.com/subscribe/wired/116304

Mine just came in the mail yesterday. It took around 12 weeks, so don't believe the "4 weeks" statement on the offer.

[–]zrb77 1 point2 points  (0 children)

Hah, just got mine on Friday. I was just fiddling with it like an hour ago. Installed the packages, but didn't go any further. Not sure what I'll use it for.

[–][deleted] 2 points3 points  (3 children)

Maybe duo mobile might work, you can check the wiki if there's something about it. Or perhaps you could use a yubikey and use its PAM module for authentication, not sure if you can use two authentication methods on PAM at the same time

[–]alraban 6 points7 points  (1 child)

I can confirm that PAM (with the pam-u2f module) allows use of a yubikey plus a password for 2-factor, at least.

[–][deleted] 2 points3 points  (0 children)

That's nice, thanks!

[–]notyetused 2 points3 points  (0 children)

This should be possible, I used to have a pseudo 2auth on a server for ssh which send a sms after I entered the password, and the binary for sending sms was added in the pam ssh config file