Protect sudo and su commands with YubiKey
Introduction
Sometimes you want a more secure sudo or su command, especially if you are a developer and often use Docker (which you run with root privileges). Requiring a YubiKey for sudo or su gives you a little more peace of mind if you are hit by malware with a keylogger: a captured password alone is no longer enough. In this article I will show how to set up a configuration in which the sudo or su command requires both the standard password and a touch of a YubiKey plugged into a USB port.
UPDATE 2025-01-25: Added the paragraph "Bonus 3" at the end of the article, describing how to keep the YubiKey-related PAM configuration in a separate file and include it from the PAM configuration files.
OS used: Debian 12
Software used: libpam-u2f 1.1.0
Hardware used: YubiKey 5 NFC