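#!/usr/bin/env bash
# Presence check for a specific YubiKey: exits 0 only when every enabled
# verification below passes, and non-zero on any mismatch or tool failure.
#
# This only serves as an additional security measure IF YOU ALREADY TRUST YOUR ENVIRONMENT
# choose one or more verification methods (TOTP is great obviously)
#
# NOTE(review): ykman, oathtool and awk are resolved through PATH, so the
# result is only as reliable as the environment of whatever invokes this
# script. The TOTP secret below is stored in clear text; keep this file
# readable only by the account that runs it.
#
# -e: abort on the first failing command; -u: abort on an unset variable;
# pipefail: a failing ykman inside a pipeline aborts instead of being masked
# by the exit status of awk.
set -euo pipefail

# serial verification
readonly SERIAL="YOURSERIAL"
# ykman prints one serial per line. The comparison is an exact string match,
# so it also fails when a second YubiKey is plugged in alongside the expected
# one.
connected=$(ykman list --serials 2>/dev/null)
if [[ "$connected" != "$SERIAL" ]]; then
  exit 1
fi

# TOTP verification
readonly TOTPKEY="YOURTOTPKEY"
# NOTE(review): the secret is passed as a command-line argument, which other
# local users may be able to read from the process list while oathtool runs.
expected=$(oathtool -b "$TOTPKEY" --totp=SHA1)
# Second column of the ykman output is taken as the code. "linux" is the
# account query; a query matching several accounts yields several lines and
# the comparison below then fails.
actual=$(ykman oath accounts code linux | awk '{print $2}')
# Fail closed: an empty code never counts as a match. The two codes are
# computed at slightly different moments, so a time-step rollover between the
# two calls produces a rejection; simply run the check again.
if [[ -z "$expected" || "$expected" != "$actual" ]]; then
  exit 1
fi

# stored public key verification
# PUBKEY="YOURPUBLICKEYPATH"
# pub=$(yubico-piv-tool -aread-cert -s9a -KSSH)
# cmp -s <(echo "$pub") <(awk '{ print $1 " " $2 }' <"$PUBKEY") || exit 1

# Reached only when every enabled check above passed. Keeping the success
# exit here (rather than right after the TOTP check) means the public key
# verification actually runs once it is uncommented.
exit 0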