user1727870

Reputation: 121

Yubikey distribute u2f_keys

I managed to configure my desktop to use my yubikey for login according to this manual: https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F

Now I copied the generated u2f_keys to another machine, into ~/.config/Yubico.

But the login does not work on the other machine with the same Yubikey plugged in. auth.log says:

Device for this keyhandle is not present

Same error if I create a new u2f_keys file by:

pamu2fcfg -N > ~/.config/Yubico/u2f_keys

  1. Is the u2f_keys file not intended to be distributed?
  2. Is it safe to publish this file on a public git repo?

Upvotes: 0

Views: 430

Answers (2)

avi9526

Reputation: 222

If the keys were created with

pamu2fcfg -o pam://localhost -i pam://localhost > ~/.config/Yubico/u2f_keys

and PAM configured as

auth            sufficient      pam_u2f.so cue origin=pam://localhost appid=pam://localhost

then the file with the keys can be copied to another system and should work (I have tested with 2 PCs).

Effectively removing the hostname from the key file can have security implications, but I do not know.

Upvotes: 0

Tom B

Reputation: 1

pamu2fcfg -N > ~/.config/Yubico/u2f_keys should be issued without -N to create a new file. The -N is used like this to add additional keys to the keyfile for the SAME user:

pamu2fcfg -N >> ~/.config/Yubico/u2f_keys

Note the >> used to append the data to the line created when not using -N.

-N does not put your Userid in the file.

Upvotes: 0
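
An added example, not code from either answer or from the pam_u2f project: a small linter for a u2f_keys file that flags a line with no username, which is what a fresh file contains when username-less pamu2fcfg output is written with > instead of appended with >>. It assumes the authfile layout `username:keyhandle,pubkey[,type,options]` with further credentials appended after `:`, one line per user; the function name and the sample data are constructed for illustration.

```python
"""Lint a pam_u2f authfile (u2f_keys). Added example, not pam_u2f code."""

# Assumed layout (one line per user):
#   username:keyhandle,pubkey[,type,options][:keyhandle,pubkey[,type,options]]...
# Output generated without a username starts with ":" so that it can be
# appended to an existing user line with ">>".

def lint_authfile(text):
    """Return (users, problems).

    users maps username -> number of well-formed credentials;
    problems is a list of (line_number, code) tuples.
    """
    users, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        user, _, rest = line.partition(":")
        if not user:
            # Username-less output written to its own line: no user can match it.
            problems.append((lineno, "no-username"))
            continue
        if user in users:
            problems.append((lineno, "duplicate-user"))
        good = 0
        for cred in rest.split(":"):
            fields = cred.split(",")
            # A credential needs at least a key handle and a public key.
            if len(fields) >= 2 and fields[0] and fields[1]:
                good += 1
            else:
                problems.append((lineno, "malformed-credential"))
        users[user] = users.get(user, 0) + good
    return users, problems

# Constructed sample: placeholder base64 strings, not real credentials.
SAMPLE = (
    "alice:a2V5aGFuZGxlMQ==,cHVia2V5MQ==,es256,+presence"
    ":a2V5aGFuZGxlMg==,cHVia2V5Mg==,es256,+presence\n"
    ":a2V5aGFuZGxlMw==,cHVia2V5Mw==,es256,+presence\n"
    "bob:a2V5aGFuZGxlNA==\n"
)

if __name__ == "__main__":
    found_users, found_problems = lint_authfile(SAMPLE)
    print("credentials per user:", found_users)
    for lineno, code in found_problems:
        print(f"line {lineno}: {code}")
```
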
