diff --git a/security/common-yubikey b/security/common-yubikey new file mode 100644 index 0000000..0ef2a75 --- /dev/null +++ b/security/common-yubikey @@ -0,0 +1,2 @@ +auth sufficient pam_u2f.so origin=pam://gubal.reya.zone appid=pam://sudo@gubal.reya.zone authfile=/etc/security/sudo_u2f_creds userpresence=1 +auth [success=done default=die] pam_yubico.so authfile=/etc/security/sudo_yubikey_creds id=63714 key=gYqF0olpZKU7W/dN+VSJ7jPZ1fA= mode=client diff --git a/security/sudo_u2f_creds b/security/sudo_u2f_creds new file mode 100644 index 0000000..54718a6 --- /dev/null +++ b/security/sudo_u2f_creds @@ -0,0 +1 @@ +reya:Z5hN9NQXo4VspZoxm2ur_S2xAMyfJhaPZv6n6dlO8n6q660YtAHqbXbT0IR6G9WGqymjEYE9_-bvSF61AnPe9w,0450d9dfe328922c982f65e6aa99a6210e650b06788c6ffb999f26ada1d40770bd61cd66cb65593de68c2b7495a6cdf881b07769de219f01a6cbdee9bd66a613d9:_5nDoN78dC2s7_5_3HHKDPsQ0em9kyRlFbX4450xzD4pq7JH9qYOo_XGccv-RyPsZDLLCwzQg1niiGr_Ljx0_w,04f0ed6003258f33250e8460e477abc96a1acced8fb3f5401a9fe3c2896257b30c432079afdf99defccdb8e4fb512ba1aeb90d2be623429809a9071d29af2bb156:5QRm8ouESOMbJ55XzKib8aRPqFRR_RH2hhoICLjNpyj9uMU4rD-0RHl54MZ92VXGafooK5Hi4j3BylGnagAeVQ,0438aabaf70c9fbdc5a161e34ced94af12dfca8777474cf0cc6d82c432e67aec4e596614badbeef472d7a5a8d5633beb948b5b540b02322ecf7f758e1b9a9a8bde:3lbbJhV04K3Ix_20FjsmMaXR8TpT9WLQkVfwjdhYIILYw3YOsBTOT69rfl2Up6wQZ4WNf21UmS-fQi9uho5ZQA,04714287c544595e5637d5dacdaa32b9e8e315595c8bbddf496101aa298623dce6f2b91ce9f8177e2be1cdf10c9bb790ade682898e35454d87631eac4b317dca37:5eb9Di-0CnxYmR0h6XZSOjYzLi7nYU3rl7JReSLVh53dJpT-xb6pNe7QIYWlD7EIPM9ITO0Gj-FFkju0-Ob6xQ,04c4c199ee94c5eac5a5687db0f7d467bff12c4deeee382dcea03087ec6b9514421821e650f16f8bc10bcfa735e8428a5e89eed8cfba760a571fb2e5cbadc29023:rG2WuTYjYC3q2ekmrwzymed_iCjVZr2d9WMsHeB47CaQN5aButSgMSLlGIJZkDes7cymtKpO-kKwUwhm_SwEvQ,04e0101aaa9a29dd1ac2f5d7b8e755a9d71b6798a2d05419210ee7addc0a7ab8e8358cceac84c7947ffb48914cd1d914cef821aa6201a4b1ddf8a9ef82ab439255:loxY6Tlf9p1J1Tcn8VZq3effiW1_asIi9xQPVyKI-d61OP-zjwqCqEYYcQQghXUgSOn91K-n1uMv3glBJQJp1Q,0417a50875e09de9f35271c37996f85184a1585ebf1d7580fc7299cdfce60a6df347204b102bf75fbede92427eda509ec2a5aa5bf5f2e3b2875a6a9c5dc173a95d:EGKdHhBMfEd97le_GPP43aTXubW1SXgymjmAwjB0NrlFgn3m7uGDMQqU9LBurSCJB9hcbEGgSO6curLx4BGFHw,04005336f5df571154082f717faccfe377e764765174978f29c9120a1c39c6562e8a413f773b99754a33b0174d0eef34c362574689521024eae85f26a360a5a5a8 diff --git a/security/sudo_yubikey_creds b/security/sudo_yubikey_creds new file mode 100644 index 0000000..61338e1 --- /dev/null +++ b/security/sudo_yubikey_creds @@ -0,0 +1 @@ +reya:ccccccugjihb:ccccccnviijf:ccccccugjjjc:ccccccvchenv:cccccctgdrve:ccccccnviijd diff --git a/ssh/authorized_keys b/ssh/authorized_keys index 62e8d9a..ffd94c5 100644 --- a/ssh/authorized_keys +++ b/ssh/authorized_keys @@ -1,12 +1,3 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCYZKFQ9B/ak54yT+DBm7b/2xVolnGUj6KTTVJE91c0 reya@blocky-cafe -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAj8gIZNV+euy5AsiA/W/B+XVyhQmaHDFB+NnyP7KpBO mari@moonmother -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINsxWR5n8WREoU6d8diPS1tbE6VVvCOSFutgPybz8ZyW mari@earhdaughter -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfOanT92heZ6YuDtUx64hUlR+/blZqRI39v9fSfGY+O rock64@rock64 -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjdZqfgjifJmIfKgB1PPyU9N7q0RT8fw+/UOWnv0iX6 reya@EarthDaughter -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUj5KCi1QgnwfBTsEZR5ET9Mdav/W8zp4Za09Dhos6l mari-wovn@earthdaughter -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKii0xT6W3GxLS6f4QM/ZmS6PaLwIU+l/zfZV+huM7Ka mari-wovn@MoonMother -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxRWMJeoWbgUdJTWdN5PxA7524g84fbhoNE3dM4W1e0 marissa@mari-wovn -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFI9VXEs7IWD+TalMJwaraHipPQCoDIHp7LuIM1ZfXxV mari-wovn@youko -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElnYGPGKpgWvvYG0sj53WBsN2e8RVF4H64JnfDFoink reya@pop-os -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObCKBH51G2GDZ7L1mqKgIYDNIyL6R95vjflacs75/43 reya@mordhona +sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJPyclfoH3j3BWWFbZtAXxi5AQQdbPLFckxjfC8ZU34qAAAABHNzaDo= yubikey@mordhona ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUPHMtySv3og9FNipUfRW1ApwJmurMmnyJAt8O0JHVt reya@costadelsol +sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFatT2bHMdJx8jj66b6vSA0/Ore58QraoToGTq7tO5MOAAAABHNzaDo= yubikey@crystarium diff --git a/ssh/known_hosts b/ssh/known_hosts index 98d3f4b..a37239a 100644 --- a/ssh/known_hosts +++ b/ssh/known_hosts @@ -21,3 +21,6 @@ |1|5gSThmEbwk9RPoxTKSLrMrYZ8N8=|BsdsaUKfdtWFF7+46C1VIVgciFE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMdn5sEnX3ZHIcvOqzcJ94+v58mzmvsoOLgNUXKSEze8POd0r/lSKt4602EKF8qWEDPI11sogDh7gQmKsKn1wkE= |1|ImnplcyBobA27BV4luZ4LdCysBU=|F5+ScGe2nAKIg/qvTwy3Z1/RQ8k= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBLcZMiY2CF9yJRWvFiAJS5h0faStNy6TNLQ4scfXrGvUBjSk3w3BWZmPnWWIVXwzMUKUHbhpXhSZFeFzFIfk34= |1|FGvxg77Tr4PSvebqz50evDSG5+4=|uoFeTHo0fAop8bSWZpsIMqQJCrs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBLcZMiY2CF9yJRWvFiAJS5h0faStNy6TNLQ4scfXrGvUBjSk3w3BWZmPnWWIVXwzMUKUHbhpXhSZFeFzFIfk34= +|1|oKfPk1zR4fSLSMa4ptAdTN3rcB4=|/YJDngVHLtiyYY9oyhSysVZut+8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBLcZMiY2CF9yJRWvFiAJS5h0faStNy6TNLQ4scfXrGvUBjSk3w3BWZmPnWWIVXwzMUKUHbhpXhSZFeFzFIfk34= +|1|9N54OVKL3TwWAhXSeyJY2B2hxUc=|D/SuEuNFnRrespmWxHfsOEFfvZY= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBLcZMiY2CF9yJRWvFiAJS5h0faStNy6TNLQ4scfXrGvUBjSk3w3BWZmPnWWIVXwzMUKUHbhpXhSZFeFzFIfk34= +|1|xFKSBgN/iwnGUfh88YtOupkQWKc=|vJ9pEOfPeDz4ROpt6Sl6VItguHw= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBLcZMiY2CF9yJRWvFiAJS5h0faStNy6TNLQ4scfXrGvUBjSk3w3BWZmPnWWIVXwzMUKUHbhpXhSZFeFzFIfk34= diff --git a/ssh/rc b/ssh/rc index 9b5f860..443b7e0 100755 --- a/ssh/rc +++ b/ssh/rc @@ -4,7 +4,7 @@ if [ -x /etc/ssh/sshrc ]; then . /etc/ssh/sshrc fi -#if [ -n "$SSH_AUTH_SOCK" ]; then -# ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock -# export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock -#fi +if [ -n "$SSH_AUTH_SOCK" ]; then + ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock + export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock +fi