I just bought a Yubikey 5 NFC and have set it up per their instructions on Ubuntu 19.04. But my preferred use case is to use the key as passwordless option (if it's plugged in; allow access – if it's not; enter password).
I've found some topics on this here and here but both are either not for a Yubikey or not for Ubuntu. And I'm too inexperienced with these things to blindly fiddle with settings as there is a good chance I'd get locked out forever if I do something wrong.
So I know the Yubikey 5 supports passwordless login for Windows, I figure it must be available on Ubuntu somehow, right? Does anyone have a tip for me?
Edit: To give some context to the valid point made below that this setup wouldn't increase security, matter of fact, would lower it: Yes, I know, very true indeed. However in my case I work mostly from my own (secured) home, but am a stickler for very complicated passwords. However it is slowing me down I have to enter a very long password each time my laptop idles too long, so for when I'm at home, I'd like to be able to use just the key, and if I'm away, leave the key at home and just use a password.
Edit2: Thanks to hackerb9's answer and running through the Yubico install steps again I got it to work.
Essentially all I did different was to add
auth sufficient pam_u2f.so to both
/etc/pam.d/sudo instead of
@include common-u2f (which would result in
auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue).
So essentially just removed
authfile=/etc/u2f_mappings cue did the trick. I'm not 100% sure but I think this is due a 'setup conflict' as I set up the key before attempting this.