Add CLI instructions for configuring a Yubikey in Challenge/Response Mode

[jmynes]

The GUI instructions for configuring a Yubikey in Challenge/Response mode require a now EOL tool, which is not found in the Debian Bookworm repository:
https://developers.yubico.com/yubikey-personalization-gui/

Yubikey recommends one of two replacement tools:

• GUI: yubioath-flutter
  • Seemingly, this does not support setting Challenge/Response
• CLI: yubikey-manager
  • I did not test this tool, yet

I used their older CLI tool, ykpersonalize, to achieve the same result as the existing documentation below; however, I now realize while writing this, that this tool is also deprecated, despite still being available in Debian Bookworm.

Further testing is recommended, I'll update when I find out more

[mkowalski18]

If using Debian 12 (bookworm), the command sudo apt-get install yubikey-manager will install ykman(1), which is the supported way to configure YubiKeys under Linux now.

From mfa.md, I don't immediately recognize what is trying to be achieved there - it's been years since YubiKey Personalization GUI was a supported tool.

If I understood what was trying to be achieved I'd suggest the alternative command for ykman(1). However you can find the documentation for it here: https://docs.yubico.com/software/yubikey/tools/ykman/Base_Commands.html

[mkowalski18]

Okay after reading a bit more, I still don't fully understand what's trying to be achieved (this isn't an area of YubiKeys I use much at all), but I think the equivalent command to ykpersonalize might be:

Either ykman otp chalresp -t 2 <KEY> or some variation of ykman otp hotp 2 <KEY>.

Take a look at ykman otp chalresp --help and https://docs.yubico.com/yesdk/users-manual/application-otp/challenge-response.html or ykman otp hotp --help and https://docs.yubico.com/yesdk/users-manual/application-otp/hotp.html for more information.

[maiska]

Heads up: this will take a little while to review :)