search for: yubico

Hey all, I'm trying to install the fedora-packager group so that I can build Fedora source packages into RPMs that I can install. I'm getting this error: Error: Package: fedora-packager-0.6.0.1-1.el6.noarch (epel) Requires: python-yubico <SNIP> [root at peach ~]# yum install python-yubico <SNIP> No package python-yubico available. Do you suppose that maybe this is a typo where python-yubico was typed instead of python-yubikey? When I google for python-yubico Google suggests python-yubikey instead. But maybe not! RP...

...gt; Hey all, I'm trying to install the fedora-packager group so that I can >> build Fedora source packages into RPMs that I can install. I'm getting >> this error: >> >> Error: Package: fedora-packager-0.6.0.1-1.el6.noarch (epel) >> Requires: python-yubico >> <SNIP> >> [root at peach ~]# yum install python-yubico >> <SNIP> >> No package python-yubico available. >> >> >> Do you suppose that maybe this is a typo where python-yubico was typed >> instead of python-yubikey? When I google for pyt...

...il.com> wrote: > Hey all, I'm trying to install the fedora-packager group so that I can > build Fedora source packages into RPMs that I can install. I'm getting > this error: > > Error: Package: fedora-packager-0.6.0.1-1.el6.noarch (epel) > Requires: python-yubico > <SNIP> > [root at peach ~]# yum install python-yubico > <SNIP> > No package python-yubico available. > > > Do you suppose that maybe this is a typo where python-yubico was typed > instead of python-yubikey? When I google for python-yubico Google > suggests...

...erre wrote: > Hey all, I'm trying to install the fedora-packager group so that I can > build Fedora source packages into RPMs that I can install. I'm > getting > this error: > > Error: Package: fedora-packager-0.6.0.1-1.el6.noarch (epel) > Requires: python-yubico It's a known bug: https://bugzilla.redhat.com/show_bug.cgi?id=1411027#c0 The python-yubico package is now in epel-testing so you should be able to install it with: yum --enablerepo=epel-testing install fedora-packager -- Ian

On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > Lack of time on the Open Source projects is understandable, and not uncommon. > > However, PKCS11 has been in the codebase practically forever - the ECC > patches that I saw did not alter the API or such. It is especially > non-invasive when digital signature is concerned. > > Considering how long those patches have

Hi, So I finally have time to test the u2f support but so far I haven't been very successful, Specifically, current HEAD has SSH_SK_VERSION_MAJOR 0x00040000 and I can't seem to find a matching libfido2 version, current HEAD of Yubico/libfido2 is 0x00020000 Is there a more up to date libfido2 or a particular commit of openssh-portable I should be using? thanks Sean

...340000/AppleUSB20Hub at 14340000/AppleUSB20HubPort at 14343000/YubiKey OTP+FIDO+CCID at 14343000/IOUSBHostInterface at 1/IOUSBHostHIDDevice at 14343000,1 debug1: ssh-sk-helper: reply len 4 debug3: ssh_msg_send: type 5 debug3: reap_helper: pid=96317 No keys to download I tried using ?change-pin? in yubico-piv-tool, but that didn?t seem to make a difference. I still got the same error after successfully changing the PIN. This is a recently purchased YubiKey 5 NFC (within the last month or so), reporting version 5.2.4 in ?yubico-piv-tool -a status?. -- Ron Frederick ronf at timeheart.net

You might want to look at these : Windows: https://www.technorms.com/46293/enable-microsoft-two-step-authentication-in-windows-10 https://www.yubico.com/passwordless/ Or Phone: https://www.yubico.com/products/yubikey-for-mobile/ Setup: https://support.yubico.com/support/solutions/articles/15000006456-yubikey-smart-card-deployment-guide Ssh: https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh...

Dear all, I did try to google search the archives [1] but cannot find any information on this. Would it be possible to somehow implement a passwordless (or as a 2FA) to login to a remote samba (linux server)? Any suggestions greatly appreciated, Greg 1. https://lists.samba.org/archive/samba/

Hi, I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA keys, but have so far been unable to find anyone who can sell me a smartcard that supports it. They certainly exist - AFAIK it's required by the US PIV standard, but obtaining cards that support it in single digit quantities seems all but impossible. Can anybody on this list help? I'd want 2-6 cards/tokens

I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it works. However, it does not do PIN enforcement at SSH login. It only requests the PIN during the set-up process (when the key is being generated). Is that the way it's supposed to work? Frank

...ot;sk" stands for "security key"). If you're not familiar with U2F, this is an open standard for making inexpensive hardware security tokens. These are easily the cheapest way for users to get a hardware-backed keypair and there is a good range of vendors who sell them including Yubico, Feitian, Thetis and Kensington. Hardware-backed keys offer the benefit of being considerably more difficult to steal - an attacker typically has to steal the physical token (or at least persistent access to it) in order to steal the key. Since there are a number of ways to talk to U2F devices, in...

...Assignee: unassigned-bugs at mindrot.org Reporter: jamin.collins at gmail.com I have found that I am unable to connect to an ssh host if I have both my user's ssh config set to use a PCKS11 library and my yubikey based keys loaded into my ssh agent. I have tried both the opensc and yubico pcks11 libraries for accessing the card. The results differ slightly, but both ultimately fail to authenticate if my user's ssh config is set to use the PCKS11 library and the keys have been added to my ssh agent. ** using libykcs11.so from yubico-piv-tool 1.4.2 $ ssh-add -s /usr/lib/libykcs...

...non-FIDO2 security key (YubiKey NEO) doesn't work with the latest changes to openssh and libfido2, failing with `try_device: fido_dev_get_assert: FIDO_ERR_USER_PRESENCE_REQUIRED`. I'm not sure if this is a problem in libfido2 or sk-usbhid.c (I also reported this issue at https://github.com/Yubico/libfido2/issues/73). Is try_device incompatible with U2F keys? It seems to me to be trying to detect the presence of a key handle using an assert with up=0, but that causes the U2F codepath in libfido2 to return an error FIDO_ERR_USER_PRESENCE_REQUIRED. I believe that since try_device is only try...

Hello, I?m trying out the ?resident key? functionality in OpenSSH 8.2, and I?m having trouble getting it to find keys that I?ve created. I?m trying to create a new resident key using: ssh-keygen -O resident -t ed25519-sk -f <filename> This creates a key, but I?m not actually sure it is creating a ?resident? key, as when I try to dump out the resident keys with either ?ssh-keygen -K?

.../usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0: manufacturerID <PKCS#11 Kit> cryptokiVersion 2.40 libraryDescription <PKCS#11 Kit Proxy Module> libraryVersion 1.1 debug1: provider /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 slot 0: label <YubiKey PIV #19258332> manufacturerID <Yubico (www.yubico.com)> model <YubiKey YK5> serial <19258332> flags 0x40d debug2: pkcs11_fetch_keys: provider /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 slot 0: RSA SHA256:vRdQ4M0pBHf4Cb4pqxFGVTeJmqRTzRusvXxu7vRrjNk debug1: have 1 keys debug2: pkcs11_fetch_keys: provider /usr/lib/x86_64...

...than creating login options for ssh, ssh-add, ssh-keygen as we started discussing in bug #2430. I will have a look into codebase later. I just wanted to put everything in together and then I can have a look at all the technical challenges, since this will not be one-liner. [1] https://developers.yubico.com/yubico-piv-tool/SSH_with_PIV_and_PKCS11.html -- You are receiving this mail because: You are watching the assignee of the bug.

...with error -12 Here's what it looks like: [ 9.693230] hid: raw HID events driver (C) Jiri Kosina [ 9.694988] usbcore: registered new interface driver usbhid [ 9.694989] usbhid: USB HID core driver [ 9.696700] hid-generic 0003:1050:0200.0001: hiddev0,hidraw0: USB HID v1.00 Device [Yubico Yubico Gnubby (gnubby1)] on usb-0000:00:14.0-2/input0 [ 9.784456] Console: switching to colour frame buffer device 240x67 [ 9.816297] i915 0000:00:02.0: fb0: i915drmfb frame buffer device [ 25.087400] thunderbolt 0000:06:00.0: saving config space at offset 0x0 (reading 0x15eb8086) [ 25.08...

Hey, Judging from the (private) responses I?ve got, there is quite a bit of interest in the U2F feature I proposed a while ago. Therefore, I?ve taken some time to resolve the remaining issues, and I think the resulting patch (attached to this email) is in quite a good state now. I also posted the new version of the patch to https://bugzilla.mindrot.org/show_bug.cgi?id=2319 (which I?ve opened

I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (concatenated with the challenge hash). The authData blob