diff --git a/machines/common.nix b/machines/common.nix
index 9568a80..5798d86 100644
--- a/machines/common.nix
+++ b/machines/common.nix
@@ -52,9 +52,11 @@ inputs:
   };
 
   services = {
+    # yubikey smartcard mode
+    pcscd.enable = true;
     dbus.packages = with pkgs; [ gcr ];
-    # for u2f stick
-    udev.packages = with pkgs; [ libu2f-host ];
+    # for u2f stick and yubikey
+    udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
     davfs2.enable = true;
     unbound.enable = true;
     udisks2.enable = true;
@@ -117,6 +119,11 @@ inputs:
     xfce.thunar
     xfce.thunar-volman
     gvfs
+
+    # yubikey packages
+    yubikey-manager-qt
+    yubikey-personalization-gui
+    yubioath-desktop
   ];
 
   virtualisation = {
@@ -171,4 +178,12 @@ inputs:
       };
     };
   };
+
+  # generate login settings
+  # ykman otp chalresp --touch --generate 2
+  security.pam.yubico = {
+    enable = true;
+    # debug = true;
+    mode = "challenge-response";
+  };
 }