YubiKey is a security key device manufactured by Yubico that supports one-time passwords, public key encryption, and U2F protocol.
Questions tagged [yubikey]
47 questions
17
votes
1 answer
Why do GnuPG 2 and gpg-connect-agent fail with "ERR 67108983 No SmartCard daemon"?
Using Debian Jessie and GnuPG 2, each time I try to use GnuPG 2 (gpg2) or gpg-connect-agent together with an OpenPGP smartcard (in my case a YubiKey), the operation fails with a message
$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
ERR…
Jens Erat
- 2,233
- 2
- 21
- 33
7
votes
1 answer
How can I see queries to gpg-agent?
I am using gpg-agent together with a Yubikey to securely store my GPG keys. In addition I've enabled so that whenever a authentication, sign or decryption request happens I must physically push the button on the Yubikey. It is very clear when I do…
kll
- 170
- 4
5
votes
1 answer
gpg-agent mysteriously stopped working - agent on remote system no longer connecting to ssh socket
I am using a yubikey nano on my local system to do encrypt/decrypt/sign on remote systems, plus SSH agent forwarding. I recall this being a bear to setup, but it has worked flawlessly for several months now. Suddenly it broke. My searches all…
lopass
- 69
- 1
- 5
5
votes
2 answers
Disable device with libinput
I want to disable a keyboard input device with libinput. Something analogous to:
xinput set-int-prop 1 "Device Enabled" 8 0
which follows the syntax:
--set-int-prop device property format value
Sets an integer property for the device. Appropriate…
Justin
- 51
- 1
- 3
4
votes
1 answer
GPG: Generating signatures for multiple files
Is there any way to sign multiple files with GPG when the signing key is stored on a keycard? (Or more specifically in my case, a Yubikey).
Currently, I have a script where I loop over a number of files that I want to sign, e.g.:
for pkg in…
Xaldew
- 193
- 6
4
votes
2 answers
Evolution with GnuPG: "no imported public key" even if it is imported
I was running Evolution on Debian buster (testing) amd64 with GnuPG to encrypt mails. I have my GPG private key on a YubiKey actings as GPG smartcard. As Evolution somehow failed to load my calendars using CalDAV, I resetted Evolution. CalDAV is…
tr01
- 576
- 5
- 16
3
votes
1 answer
SSH client on Linux Mint 20 doesn't prompt for user presence confirmation via FIDO USB device
I recently received a Security Key by Yubico (supports FIDO/U2F) and I am testing SSH authentication using this key.
Quoting the OpenSSH 8.2 release notes (Changes since OpenSSH 8.1 section):
In OpenSSH FIDO devices are supported by new public key…
gzach
- 81
- 7
3
votes
1 answer
Has anyone gotten a Yubikey Security Key working on Debian 10?
I've bought a pair of yubico devices to play with for various projects, however, it's struck me that they are not working on debian 10. I understand there's a few bug reports and udev rules floating around to mitigate this, but after having tried…
Pedro
- 1,821
- 12
- 23
3
votes
1 answer
How to make desktop apps see YubiKey without sudo?
I've recently obtained a YubiKey 5 NFC, which seems to be working fine when prompted for a u2f token (both on Firefox and Chromium) but in order to use it in OTP mode, I need to run the applications with sudo. It means I can't program it if I don't…
qwrtln
- 313
- 1
- 2
- 7
3
votes
2 answers
Connecting to 'unix"//var/run/charon.ctl' failed: connection refused
I have tried to find some answers on this and other sites trying to find out the problem, but my attempts failed. The rule is very simple: I want to establish my Ipsec tunnel when my Yubikey is plugged.
My rule is in the file…
debugging XD
- 153
- 2
- 9
3
votes
1 answer
Where to configure pam in Fedora for Yubikey?
I'm testing out Fedora (27) for the first time, trying to get my YubiKey 4 working for local authentication.
In Ubuntu I could configure /etc/pam.d/common-auth to use libpam-yubico as described here. In Fedora however common-auth isn't there, I'm…
Index
- 181
- 7
3
votes
4 answers
How to use YubiKeys with SSH keys in 2-step verification?
I can setup SSH keypair without Fido U2F as described SSH-agent working over many servers without retyping? Some flag? in the thread.
Two step verification would be very good: password for the private key and Fido U2F verification too.
I am not…
Léo Léopold Hertz 준영
- 6,788
- 29
- 91
- 193
2
votes
2 answers
Is there a tool that can perform direct RSA decryption with a Yubikey?
The use case I'm looking for is that I walk up to a headless server and "unlock" it using a hardware key, where scripts on the server recognize that I've plugged it in and automatically use it without a pin or password or additional factors.
The…
M Conrad
- 963
- 4
- 13
2
votes
0 answers
Libvirt Yubikey passthrough
So I've been trying to get a yubikey passthrough to work for a few days now with no luck. Does anyone know what I'm doing wrong or what's wrong with my setup?
Setup:
I'm using ubuntu 18.04 as both host and guest.
Libvirt for…
Dave Baker
- 21
- 2
2
votes
1 answer
How to enable both Passphrase *and* Password+Yubikey as authentication method for a given user account?
Context
I am lazy. But I am also (a bit) concerned with security.
So on my machine (running Fedora), I want to be able to both:
log into my session using a strong passphrase,
log into my session using a quick-to-type password when my Yubikey is…
ebosi
- 295
- 1
- 3
- 13