On Mon, 27 Sept 2021 at 09:28, Miro Hrončok <mhroncok@xxxxxxxxxx> wrote: > > Hello, > > I've been trying to add the OPT token from accounts.fedoraproject.org to my > yubikey. I get a QR code and a otpauth://totp/username?secret=xxx URI. > > I copypasted the xxx secret (56 characters: digits and uppercase letters) and > tried to add it via YubiKey Manager GUI via Applications/OTP as OATH-HOTP (6 > digits). > > I get "Failed to configure Long Touch (Slot 2). undefined" error. > > When I tried to use the CLI: > > $ ykman otp hotp -d 6 -c 0 2 xxx > > I get "Error: key lengths >20 bytes not supported". > > Is there a way to use YubiKey for accounts.fedoraproject.org OTP, or is the > device not compatible? > OK let's back up a bit, since I am looking at a working yubikey for Fedora OTP at the moment. The first thing we need to see is if the key you are using is compatible. There are multiple generations and they use different commands to program them :/. The ones I know which work are the older 'black' yubikeys. The newer blue ones, do not seem to work with the Fedora commands shipped. If I run I am looking at my yubikeys and they all work. I know that every sysadmin in Fedora has been using yubikeys for years. So I am guessing something else is going on here for this device. Here is what I get from my two Fedora ones ``` $ # This is my oldest key which works for Fedora $ ykinfo -t -i -p -I -1 -2 touch_level: 1793 programming_sequence: 1 slot1_status: 1 slot2_status: 0 vendor_id: 1050 product_id: 10 $ # This is my 2nd gen black key and was keyed to Fedora during testing. $ ykinfo -t -i -p -I -1 -2 touch_level: 1285 programming_sequence: 1 slot1_status: 1 slot2_status: 0 vendor_id: 1050 product_id: 110 $ # This is a blue key which I use for other websites because Fedora commands give me $ ykinfo -t -i -p -I -1 -2 Yubikey core error: no yubikey present ``` > Thanks, > -- > Miro Hrončok > -- > Phone: +420777974800 > IRC: mhroncok > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Stephen J Smoogen. I've seen things you people wouldn't believe. Flame wars in sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law. All those moments will be lost in time... like posts on a BBS... time to shutdown -h now. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
