Questions tagged [yubikey]
The yubikey tag has no usage guidance.
49
questions
0
votes
0
answers
38
views
Login to Windows using the Yubico Security Key C NFC [closed]
Is there a way to use the Security Key C NFC (not to confuse with other yubico keys) to login on windows? Yubico states that it is not possible. My many onlineservices are compatible with my key and ...
0
votes
0
answers
61
views
Windows YubiKey GPG works with putty but not terminal
I created three gpg subkeys stored on my YubiKey as described here. I added enable-ssh-support and enable-putty-support to my gpg-agent.conf file. Everything works when accessing a server with the ssh-...
0
votes
0
answers
37
views
Cannot setup pam_oath with Yubikey: OTP not authorized to login as user
So, what I want is to login to system with Yubikey as a second factor or the only factor.
I use Linux Mint 21.3, my Yubikey is 5C NFC.
My /etc/pam.d/common-auth:
auth [success=1 default=ignore] ...
2
votes
1
answer
66
views
Windows 11 2FA prompt opens a console instead of a GUI window
Some time ago, I started using FIDO2 keys (Yubikey 5 NFC, to be precise) as a form of second-factor authentication on a few sites that support it.
However, after some change in my system, most likely ...
1
vote
1
answer
60
views
store onion address inside yubikey
I would like to be able to save an onion (v3) address, without the final string .onion inside a yubikey safely.
I want the yubikey that provide this address in plain text at the touch event.
I have ...
1
vote
0
answers
71
views
YubiKey Authenticator App doesn't recognize YubiKey after unlocking the card via PinEntry
I've got a pretty basic password/OTP set up on macOS:
my YubiKey has the sig/aut/enc subkeys to encrypt/decrypt my passwords in the password store
my OTPs are solely on my YubiKey - I use the Yubikey ...
18
votes
3
answers
4k
views
Set Default Security Key Settings (Windows 11)
As of the latest Windows Insider Build (Dev Channel), 23541.1000 ni_prerelease, the following appears when Windows is prompted for security key input:
Whereas before this update, it was only Security ...
0
votes
0
answers
98
views
No passkey icon option on Windows 10
I am trying to enable passkey login on Windows 10 devices.
I have enabled UseSecurityKeyForSignin and EnableFIDODeviceLogon as well as enabled WHfB in gpedit.msc According to RSOP, passkey login is ...
3
votes
2
answers
3k
views
Yubikey ssh authentication fails with "signing failed for ECDSA-SK"
I have a Yubikey (Security Key NFC by Yubico) that I'm trying to set up on a Linux machine for SSH authentication in Discoverable keys mode. I've followed this tutorial and created the keys with
ssh-...
1
vote
1
answer
748
views
How does the Key generation for Yubikeys/FIDO2 keys work if you can generate an infinitive amount
I'm asking myself how they have done it, or if anyone could explain it to me.
I have found this source where it is described, but I don't quiet get it.
For my understanding, it is not storing the ...
0
votes
1
answer
3k
views
YubiKey not working (device not found) in WSL while it works perfect under Windows directly
I use Yubikey to connect to multiple servers. I am doing this under windows and this works perfectly fine with my sshconfig in the .ssh directory.
Now I have a case where I need to run some things ...
1
vote
1
answer
459
views
How can I use a U2F hardware authenticator to unlock a SSH key in a computer I am SSH'd into?
I have a number of computers on which I've generated a ed25519-sk SSH key all using the same U2F hardware authenticator (yubikey 5C NFC). I'm now in a situation involving three computers: X, Y, and Z. ...
1
vote
2
answers
3k
views
Unable to use Windows OpenSSH agent with GPG Agent and Yubikey
I have a Yubikey which has ed25519 certificates loaded onto it. One of these is an authentication certificate. I'm able to export the sha has of this by running gpg --export-ssh-key {key_id}, and ...
0
votes
0
answers
371
views
YubiKey changed identity
I unplugged my YubiKey und plugged it in a while later. When I try to login on websites using the hardware key I now get a popup from Chrome stating "the security key doesn't look familiar".
...
2
votes
1
answer
272
views
Can a website detect if the same physical FIDO key is used for multiple accounts?
If I have an account, say with google, and only use that account from location A, using device A, and another google account only used with device B in location B, if I used the same 2fa FIDO key for ...
0
votes
1
answer
4k
views
Why YubiKey (USB key) needs administrator rights (or any other device)
Some time after a clean install of Windows 10 or 11 and using Yubico keys (USB keys), they need administrator rights to programs to detect it.
It happens randomly, or I don't remember / can't imagine ...
1
vote
1
answer
824
views
GPG periodically loses connection to yubikey on monterey
The connection between gpg and my yubikey appears to periodically fail. Decryption attempts are met with the pinentry-mac dialog "please insert card with serial number X".
gpg --card-status -...
1
vote
0
answers
782
views
Error when register Yubikey Bio with website
I am having an issue registering a yubikey bio with a website. I have managed to register a Yubikey 5 series with the website without issue however when I try with the Yubikey bio I get an error like ...
1
vote
1
answer
493
views
What is the cryptographic relationship between an ssh key and my Yubikey?
I am curious what is the cryptographic relationship between the generated ssh private (and public) key when I use my Yubikey to add an extra layer of protection.
Does ssh-keygen write anything into ...
4
votes
2
answers
5k
views
How to disable OpenSC YubiKey password prompt in Firefox
I have a YubiKey nano plugged into a 2019 MacBook Pro.
When I visit some websites (one public example being Gmail), Firefox brings up a password dialog prompting me to enter the YubiKey password. ...
1
vote
0
answers
406
views
Best strategy after losing GPG/PGP key passphrase (but still access to YubiKey)
When I got my first YubiKey several years ago, I created a new GPG key specifically for it. After uploading the private key to the YubiKey (keytocard), I also stored an armored copy of the private key ...
0
votes
1
answer
2k
views
SSH Using YubiKey 5 and ED25519 Algorithm
I am starting to use a YubiKey 5 to ssh into remote boxes instead of using a software key. I am generating the keys using this command:
ssh-keygen -t ed25519-sk
This works when I ssh into Ubuntu, but ...
2
votes
2
answers
2k
views
YubiKey 5C is not recognized via a docking station
I have a new YubiKey 5C NFC which, when plugged directly in my laptop, works fine. However, when I plug it into my docking station it doesn't work at all.
OS: Linux Mint 20.1
Kernel: 5.4.0-77-generic ...
0
votes
0
answers
74
views
Are there solutions to boot to a hidden OS only when special usb key is present?
My laptop was stolen recently.
Unfortunately I did not take the time to install a honeypot on it.
With my new laptop I am thinking about installing a honeypot OS and a hidden OS that I will use for my ...
2
votes
0
answers
371
views
ssh-add -s Win10
I am unable to add my card using ssh-add -s on Windows 10, ssh-agent is running. Getting below error: C:\Program Files\Yubico\Yubico PIV Tool\bin>ssh-add -s libykcs11.dll
Enter passphrase for PKCS#...
2
votes
0
answers
2k
views
Bitlocker Full Drive Encryption with YubiKey
I'd like to secure the hard discs of a new Windows 10 (Pro/Enterprise) PC with BitLocker full disc encryptuon using hardware tokens and PIN (real 2FA).
How can I set up a YubiKey so I can use it as ...
1
vote
1
answer
4k
views
gpg: decryption failed: No secret key
First, I spent an hour trying answers with similar titles so please read this through before flagging this question as a duplicate.
I use a YubiKey to store my PGP private key using its smart card ...
0
votes
1
answer
460
views
Mac GPG can't generate smartcard keys
Mac OS X Catalina 10.15.7, Homebrew GPG 2.2.23, brand new Yubikey 5C Nano, homebrew pinentry-mac 0.9.4
% gpg --card-edit
Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: ...
3
votes
1
answer
4k
views
SSH server asking for password, but PasswordAuthentication is disabled
what you will see is the current state of a problem I am trying to solve.
I restarted sshd before filling the body this question.
What I am trying to do:
I need to use ssh keys with a yubikey ...
2
votes
0
answers
1k
views
Why can't I add an elliptic curve certificate (smartcard, Yubikey, piv) as protector to a BitLocker protected partition?
Yubikey as SmartCard
I have been using a SmartCard (Yubikey 4, PIV interface) with RSA certificate to unlock BitLocker protected drives. The certificates are self-signed and generated by the Encrypted ...