Re: Using YubiKey for accounts.fedoraproject.org OTP?

On 27. 09. 21 15:50, Stephen John Smoogen wrote:
On Mon, 27 Sept 2021 at 09:28, Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:

Hello,

I've been trying to add the OTP token from accounts.fedoraproject.org to my
yubikey. I get a QR code and an otpauth://totp/username?secret=xxx URI.

I copypasted the xxx secret (56 characters: digits and uppercase letters) and
tried to add it via YubiKey Manager GUI via Applications/OTP as OATH-HOTP (6
digits).

I get "Failed to configure Long Touch (Slot 2). undefined" error.

When I tried to use the CLI:

      $ ykman otp hotp -d 6 -c 0 2 xxx

I get "Error: key lengths >20 bytes not supported".

Is there a way to use YubiKey for accounts.fedoraproject.org OTP, or is the
device not compatible?


OK let's back up a bit, since I am looking at a working yubikey for
Fedora OTP at the moment. The first thing we need to see is if the key
you are using is compatible. There are multiple generations and they
use different commands to program them :/. The ones I know which work
are the older 'black' yubikeys. The newer blue ones do not seem to
work with the Fedora commands shipped. If I run


I am looking at my yubikeys and they all work. I know that every
sysadmin in Fedora has been using yubikeys for years. So I am guessing
something else is going on here for this device. Here is what I get
from my two Fedora ones

```
$ # This is my oldest key which works for Fedora
$ ykinfo -t -i -p -I -1 -2
touch_level: 1793
programming_sequence: 1
slot1_status: 1
slot2_status: 0
vendor_id: 1050
product_id: 10

$ # This is my 2nd gen black key and was keyed to Fedora during testing.
$ ykinfo -t -i -p -I -1 -2
touch_level: 1285
programming_sequence: 1
slot1_status: 1
slot2_status: 0
vendor_id: 1050
product_id: 110

$ # This is a blue key which I use for other websites because Fedora commands give me
$ ykinfo -t -i -p -I -1 -2
Yubikey core error: no yubikey present
```

Sorry for not mentioning that. It is a YubiKey 5 Nano with 5.4.3 firmware:

```
$ ykinfo -t -i -p -I -1 -2
touch_level: 1029
programming_sequence: 11
slot1_status: 1
slot2_status: 0
vendor_id: 1050
product_id: 407
```


BTW I know that sysadmins used YubiKeys even before noggin, there's the fedora-burn-yubikey command (installed via fedora-packager-yubikey), but it talks to the old FAS instead of the new one.

--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
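
Added example, not part of the original message or of any Fedora or Yubico code: it parses an otpauth:// URI of the shape quoted above, decodes the secret, and compares its byte length with the 20-byte limit named in the ykman error. The URI and secret are constructed, the secret is assumed to be base32 (the usual Key URI convention), and `inspect_otpauth` and `SLOT_KEY_LIMIT` are hypothetical names.

```python
import base64
from urllib.parse import urlparse, parse_qs

# Limit taken from the ykman error quoted in the thread:
# "key lengths >20 bytes not supported".
SLOT_KEY_LIMIT = 20


def inspect_otpauth(uri):
    """Parse an otpauth:// URI and report what its secret decodes to."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth":
        raise ValueError("not an otpauth URI")
    params = parse_qs(parts.query)
    if "secret" not in params:
        raise ValueError("URI carries no secret parameter")
    # Assumption: the secret is base32. Normalise case, drop spaces and
    # restore the '=' padding that URIs usually omit.
    secret = params["secret"][0].replace(" ", "").upper().rstrip("=")
    secret += "=" * (-len(secret) % 8)
    key = base64.b32decode(secret)  # raises binascii.Error on non-base32 input
    return {
        "type": parts.netloc.lower(),        # "totp" or "hotp"
        "label": parts.path.lstrip("/"),
        "key_bytes": len(key),
        "fits_slot": len(key) <= SLOT_KEY_LIMIT,
    }


if __name__ == "__main__":
    # Constructed 35-byte key; base32 encodes it to 56 characters,
    # the secret length reported in the thread.
    secret = base64.b32encode(bytes(range(35))).decode()
    print(len(secret), inspect_otpauth("otpauth://totp/username?secret=" + secret))
```

A 56-character base32 string carries 56 × 5 = 280 bits, that is 35 bytes, which is above the 20-byte limit in the error message.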