#For Ubuntu-based distributions and Solokey U2F keys:
#Adapted from https://schulz.dk/2019/08/23/using-solokey-for-linux-login/ and its follow-up.

#This is aimed at Solokeys, so certain specifics may need to be modified. I'm an amateur and just found a few instructions lacking or misspelled in the original article. I am not responsible for you messing up your computer.
#Be careful when using sudo and DO NOT CLOSE files until you're sure they work. You can easily get locked out. You have been warned.
#You're probably going to want to use a proper TTY terminal, not a terminal emulator, as logging in and out of your DE (lightdm is my screen-locker) will kick you out of a GUI.
#You will need to use your key every time you want to log into your lightdm GUI. If you don't want this, don't continue, or change all the "required" code to "optional".

#Your key should be inserted for this entire process as you'll be required to use it multiple times during the process.

sudo add-apt-repository ppa:yubico/stable && sudo apt update
sudo apt install udev libpam-u2f pamu2fcfg
#Requires udev, most distros already have it installed.

sudo vim /etc/udev/rules.d/70-solokeys.rules
```
#/etc/udev/rules.d/70-solokeys.rules
#Add the following lines to the file and save it:
ACTION!="add|change", GOTO="solokeys_end"
# SoloKeys rule
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
LABEL="solokeys_end"
```

mkdir -p ~/.config/Yubico
pamu2fcfg > ~/.config/Yubico/u2f_keys
#After pressing enter, you'll have a limited time to press the button on your key. It will add your key to authorized keys.
#To add additional keys, change > to >> for appending.

sudo vim /etc/pam.d/sudo /etc/pam.d/lightdm -p
```
@include common-auth
#Above is already present, add below line just below this
auth required pam_u2f.so
```

#DO NOT CLOSE THE SUDO FILE UNTIL YOU HAVE CONFIRMED IT'S WORKING! YOU MAY GET LOCKED OUT OTHERWISE!
#I recommend using tmux or screen or something and a TTY holding /etc/pam.d/sudo and /etc/pam.d/lightdm open so if you lock yourself out, you can change "required" to "optional" and restore access.

#Open a new terminal and type "sudo echo 'Key works'", then enter your sudo password. It should pause until you click the key and then successfully echo. If something isn't working, you've done it wrong.
#Using :w and not :wq or :q for this part is key. This is your 3rd warning.

sudo echo "Key works"
#Enter pw if needed, then press key button

sudo vim /etc/pam.d/lightdm
```
#Below line is optional and enables password-less login to your DE. It goes just above the @include common-auth
auth sufficient pam_u2f.so
@include common-auth
#Above line is already present, add below line just below this
auth required pam_u2f.so
```

#It's strongly advised, if you choose this, to add at least 1 additional key. You will need to use one of the authorized keys to log into your PC.
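
#A preflight check for the lockout risk the warnings above describe, added here as an example (not part of the original article or this guide's own commands). It reads a PAM file and a u2f_keys mapping file and reports whether a user would be locked out or has only one key.
#Assumptions: the function names are made up for this example, the mapping file uses one "user:key1[:key2...]" line per user, and the PAM lines use plain control flags; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.
# Assumes the pam_u2f mapping format "user:key1[:key2...]", one line per user,
# and plain control flags (required/requisite/sufficient), not [bracket] syntax.

# count_keys KEYS_FILE USER: print how many keys USER has registered.
count_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk -F: -v u="$2" '$1 == u { for (i = 2; i <= NF; i++) if ($i != "") n++ }
                       END { print n + 0 }' "$1"
}

# u2f_enforced PAM_FILE: succeed if an active (uncommented) auth line makes
# pam_u2f mandatory and does not carry the nouserok escape hatch.
u2f_enforced() {
    awk '$1 == "auth" && ($2 == "required" || $2 == "requisite") &&
         $3 ~ /pam_u2f\.so$/ && $0 !~ /nouserok/ { hit = 1 }
         END { exit !hit }' "$1"
}

# preflight PAM_FILE KEYS_FILE USER: print one verdict word.
preflight() {
    keys=$(count_keys "$2" "$3")
    if ! u2f_enforced "$1"; then echo NOT_ENFORCED
    elif [ "$keys" -eq 0 ]; then echo LOCKOUT_RISK
    elif [ "$keys" -eq 1 ]; then echo SINGLE_KEY
    else echo OK
    fi
}

# Constructed sample files (placeholder strings, not real key material).
demo=$(mktemp -d)
printf '%s\n' 'auth sufficient pam_u2f.so' '@include common-auth' \
    'auth required pam_u2f.so' > "$demo/lightdm"
printf '%s\n' 'alice:HANDLE1,PUBKEY1' 'carol:HANDLE2,PUBKEY2:HANDLE3,PUBKEY3' \
    > "$demo/u2f_keys"
for user in alice bob carol; do
    printf '%s: %s\n' "$user" "$(preflight "$demo/lightdm" "$demo/u2f_keys" "$user")"
done
rm -rf "$demo"
```

#On a real system, point preflight at /etc/pam.d/sudo or /etc/pam.d/lightdm and your ~/.config/Yubico/u2f_keys before you close the editor.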