Linux authentication with Yubikey
A basic procedure to use your Yubikey instead of your password with sudo and session authentication on Fedora.
Installation
You must start by installing the necessary packages for U2F authentication.
sudo dnf install pam-u2f pamu2fcfg
Then create the directory that will hold the Yubikey registration file.
mkdir -p ~/.config/Yubico
Save your Yubikey
Plug your Yubikey into your computer, then type the following command:
pamu2fcfg > ~/.config/Yubico/u2f_keys
When the Yubikey's light flashes, touch it to validate the action. In theory, you really should have a second Yubikey. If you have one, add it using:
pamu2fcfg -n >> ~/.config/Yubico/u2f_keys
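The following audit of the resulting u2f_keys file is an added example, not part of the original procedure: it counts the keys registered for a user, rejects a file that group or others can write to, and catches a second key that ended up on its own line. The function names are hypothetical, and it assumes the mapping-file layout documented by pam-u2f (user:keyhandle,publickey,... with further keys appended after ':').

```shell
#!/bin/sh
# Added example: audit a pam-u2f mapping file. Assumed layout, one line per user:
#   user:keyhandle,pubkey[,cose_type,options][:keyhandle,pubkey,...]

# Print how many credentials user $2 has in file $1.
u2f_key_count() {
    awk -F: -v user="$2" '
        $1 == user { for (i = 2; i <= NF; i++) if ($i != "") n++ }
        END { print n + 0 }' "$1"
}

# Succeed only if $1 is a regular, non-symlink file that neither group nor others can write.
u2f_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Print one line per structural problem. An empty user field (a line starting
# with ':') appears when a credential is appended after a trailing newline:
# that key is attached to no user.
u2f_malformed_entries() {
    awk -F: '
        $0 == "" { next }
        $1 == "" { printf "line %d: entry not attached to a user\n", NR }
        { for (i = 2; i <= NF; i++) {
              n = split($i, part, ",")
              if (n < 2 || part[1] == "" || part[2] == "")
                  printf "line %d: credential %d is incomplete\n", NR, i - 1
          } }' "$1"
}

# Full check for file $1 and user $2; non-zero exit status on any failure.
u2f_audit() {
    file=$1; user=$2
    u2f_file_is_private "$file" || { echo "FAIL: $file is missing, a symlink, or writable by others"; return 1; }
    bad=$(u2f_malformed_entries "$file")
    [ -z "$bad" ] || { echo "FAIL: $bad"; return 1; }
    count=$(u2f_key_count "$file" "$user")
    case $count in
        0) echo "FAIL: no key registered for $user"; return 1 ;;
        1) echo "WARN: only one key registered for $user" ;;
        *) echo "OK: $count keys registered for $user" ;;
    esac
}

# Usage once the functions are loaded:
#   u2f_audit "$HOME/.config/Yubico/u2f_keys" "$USER"
```

Run it before enabling the PAM feature, since a key that is not attached to your user cannot be used to authenticate.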
sudo and login configuration
On Fedora, the best way to do this is with authselect:
sudo authselect select sssd
("sssd" is the PAM profile for authentication.)
sudo authselect enable-feature with-pam-u2f
(Use with-pam-u2f-2fa instead if you want real 2FA and not just a replacement for your password.)
You can check whether it worked by typing:
authselect current
You should see with-pam-u2f in the list.
Final test
First, keep your current terminal open, so that you are not locked out of your system if the change did not work as it should have.
Open a new terminal and run a command with sudo (e.g. sudo ls).
It should ask you to touch your Yubikey instead of asking for your password!
