Commands to accompany the video if you want to follow along. This was done on Debian client, Ubuntu host. Commands may differ on other distros.
Install desktop tool to configure Yubikey
# Add repository
sudo add-apt-repository ppa:yubico/stable
# Install OTP GUI
sudo apt-get install yubikey-personalization-gui
Install PAM on host
sudo add-apt-repository ppa:yubico/stable
sudo apt-get update
sudo apt-get install libpam-yubico
Create the authorized yubikeys file to associate yubi ID with system user in format (username):(yubi id) where yubi ID is first 12 characters of the OTP output
sudo vim /etc/ssh/authorized_yubikeys
Add yubikey to PAM configuration
sudo vim /etc/pam.d/sshd
Under PAM configuration (line 1) enter:
auth required pam_yubico.so id=\<client id\> key=\<secret key\> authfile=/etc/ssh/authorized_yubikeys
Modify sshd config
sudo vim /etc/ssh/sshd_config
Change the following directives to âyesâ:
...
ChallengeResponseAuthentication yes
UsePAM yes
...
Reload systemd daemons since the configuration of sshd changed on disk
sudo systemctl daemon-reload
Restart sshd
sudo systemctl restart sshd
Then simply use ssh to (re)connect to your host and you should be met with a key prompt before the password.
ssh [hostname]