
#!/usr/bin/env bash
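# Interactive YubiKey (U2F) setup: installs the PAM modules, enrols one or more
# keys into ~/.config/Yubico/u2f_keys, adds pam_u2f.so to several PAM service
# files, installs an "add-yubikey" helper function and finally deletes itself.
echo
keyfile=~/.config/Yubico/u2f_keys
[ -d ~/.config/Yubico ] || mkdir -p ~/.config/Yubico || exit 1

# The PAM lines added later in this script only reference pam_u2f.so.
# NOTE(review): --ask 4 appears to pre-answer one of pacman's confirmation
# prompts; confirm that is intended for an unattended install.
# Abort on failure: continuing would point PAM at a module that is not there.
if ! sudo pacman -S --ask 4 pam-u2f yubico-pam; then
  echo -e '\n\e[1;31mPackage installation failed, nothing was changed\e[0m' >&2
  exit 1
fi

read -r -n 1 -s -p $'\n\e[1;33mInsert your yubikey and press the enter key to continue \e[0m'
echo -e '\n\e[1mTouch the yubikey when it starts blinking\e[0m'

# Enrol into a temporary file first. Redirecting straight into the mapping
# would truncate it before pamu2fcfg has produced anything, so a timeout or a
# missing key would leave an empty mapping behind. mktemp creates the file with
# mode 0600, which the final mapping keeps after the rename.
tmpfile=$(mktemp "${keyfile}.XXXXXX") || exit 1
if ! pamu2fcfg > "$tmpfile" || [[ ! -s "$tmpfile" ]]; then
  rm -f -- "$tmpfile"
  echo -e '\n\e[1;31mYubikey enrolment failed, nothing was changed\e[0m' >&2
  exit 1
fi
mv -f -- "$tmpfile" "$keyfile" || exit 1

read -r -n 1 -p $'\n\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
until [[ "$YUBIKEY" = [nN] ]]; do
  if [[ "$YUBIKEY" != [yYnN] ]]; then
    echo -e '\n\n\e[1;31mNot a valid answer, type "y" or "n"\e[0m'
    read -r -n 1 -p $'\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
  elif [[ "$YUBIKEY" = [yY] ]]; then
    read -r -n 1 -s -p $'\n\n\e[1;33mInsert the next yubikey and press the enter key to continue \e[0m'
    echo -e '\n\e[1mTouch the yubikey when it starts blinking\e[0m'
    # -n leaves out the user name so the entry extends the existing line.
    if ! pamu2fcfg -n >> "$keyfile"; then
      echo -e '\n\e[1;31mCould not enrol that yubikey, it was not added\e[0m' >&2
    fi
    read -r -n 1 -p $'\n\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
  fi
done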
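echo -e '\n\n\e[1;33mUpdating pam configs'
echo -e 'Open another terminal or tty and login as sudo in case an issue comes up'
read -r -n 1 -s -p $'Press the enter key once logged in as sudo in another terminal or tty \e[0m\n'

# Never make pam_u2f.so mandatory without at least one enrolled key: with an
# empty or missing mapping the "required" lines below would refuse every login.
if [[ ! -s ~/.config/Yubico/u2f_keys ]]; then
  echo -e '\n\e[1;31mNo enrolled yubikey found, pam configs left untouched\e[0m' >&2
  exit 1
fi

#######################################
# Insert a pam_u2f.so line into one PAM service file.
# Skips files that do not exist or that already have an active pam_u2f.so
# line, so re-running the setup does not stack duplicate entries. The file is
# copied to <file>.pre-u2f before it is edited.
# Arguments: $1 - PAM service file
#            $2 - sed script that performs the insertion
# Returns:   0 if the file was skipped or now references pam_u2f.so,
#            1 if the backup or edit failed or the anchor line was not found
#######################################
insert_pam_u2f() {
  local pam_file=$1
  local sed_script=$2

  if [[ ! -f "$pam_file" ]]; then
    echo -e "\e[1;33m$pam_file not found, skipped\e[0m" >&2
    return 0
  fi
  if grep -q '^[^#]*pam_u2f\.so' -- "$pam_file"; then
    echo -e "\e[1;33m$pam_file already uses pam_u2f.so, left unchanged\e[0m"
    return 0
  fi

  sudo cp -p -- "$pam_file" "${pam_file}.pre-u2f" || return 1
  sudo sed -i "$sed_script" "$pam_file" || return 1

  # sed exits 0 even when the anchor pattern matched nothing.
  if ! grep -q '^[^#]*pam_u2f\.so' -- "$pam_file"; then
    echo -e "\e[1;31mNo matching line in $pam_file, pam_u2f.so was not added\e[0m" >&2
    return 1
  fi
}

# "required" makes the key mandatory in addition to the existing factors.
# Accounts without their own mapping will fail this module unless pam_u2f.so is
# given "nouserok".
# "sufficient" lets a key touch alone satisfy the stack. pam_u2f reads the
# mapping from the user's home directory by default, where the user's own
# processes can edit it; a root-owned mapping passed with "authfile=" avoids
# that for the sudo and polkit entries.

# System wide user authentication
insert_pam_u2f /etc/pam.d/system-auth '/^auth .* required .* pam_faillock.so .* authsucc/a\
auth required pam_u2f.so'
# Polkit authentication
insert_pam_u2f /etc/pam.d/polkit-1 '/^#%PAM.*/a\
auth sufficient pam_u2f.so'
# Sudo authentication
insert_pam_u2f /etc/pam.d/sudo '/^#%PAM.*/a\
auth sufficient pam_u2f.so'
# KDE lockscreen authentication
insert_pam_u2f /etc/pam.d/kde '/^#%PAM.*/a\
auth required pam_u2f.so'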
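# Install the "add-yubikey" function used to enrol further keys later on.
# The quoted delimiter keeps the function text literal, nothing in it is
# expanded while this script runs.
# NOTE(review): assumes the shell start-up files source ~/.local/functions;
# that wiring is not visible in this script.
mkdir -p ~/.local/functions || exit 1
cat > ~/.local/functions/add-yubikey <<- 'ADDYUBIKEY'
# Add a new yubikey
function add-yubikey
{
  # Locals keep the prompt answer out of the interactive shell's environment.
  local keyfile YUBIKEY added=0
  keyfile=~/.config/Yubico/u2f_keys

  # pamu2fcfg -n prints an entry without the user name, which is only valid
  # when appended to a line that already starts with one.
  if [[ ! -s "$keyfile" ]]
  then
    echo -e '\n\e[1;31mNo existing yubikey mapping found, run the yubikey setup first\e[0m' >&2
    return 1
  fi

  read -r -n 1 -s -p $'\n\e[1;33mInsert your yubikey and press the enter key to continue \e[0m'
  echo -e '\n\e[1mTouch the yubikey when it starts blinking\e[0m'
  if pamu2fcfg -n >> "$keyfile"
  then
    added=$((added + 1))
  else
    echo -e '\n\e[1;31mCould not enrol that yubikey, it was not added\e[0m' >&2
  fi
  read -r -n 1 -p $'\n\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
  until [[ "$YUBIKEY" = [nN] ]]
  do
    if [[ "$YUBIKEY" != [yYnN] ]]
    then
      echo -e '\n\n\e[1;31mNot a valid answer, type "y" or "n"\e[0m'
      read -r -n 1 -p $'\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
    elif [[ "$YUBIKEY" = [yY] ]]
    then
      read -r -n 1 -s -p $'\n\n\e[1;33mInsert the next yubikey and press the enter key to continue \e[0m'
      echo -e '\n\e[1mTouch the yubikey when it starts blinking\e[0m'
      if pamu2fcfg -n >> "$keyfile"
      then
        added=$((added + 1))
      else
        echo -e '\n\e[1;31mCould not enrol that yubikey, it was not added\e[0m' >&2
      fi
      read -r -n 1 -p $'\n\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
    fi
  done

  # Only report success when at least one enrolment actually went through.
  if [[ "$added" -eq 0 ]]
  then
    echo -e '\n\n\e[1;31mNo yubikeys were added\e[0m\n' >&2
    return 1
  fi
  echo -e '\n\n\e[1;34mYubikeys updated'
  echo -e 'Exiting...\e[0m\n'
}
ADDYUBIKEY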
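echo -e '\n\e[1;34mYubikey setup completed'
echo -e 'To update your saved yubikeys, run "add-yubikey" in the terminal'
echo -e 'Exiting...\e[0m\n'
# One-shot installer: the script removes itself once it has finished.
# Quoting and "--" keep a path with spaces, glob characters or a leading dash
# from being split or read as an option.
rm -f -- "$0"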