search for: yubikey

https://bugzilla.mindrot.org/show_bug.cgi?id=3188 Bug ID: 3188 Summary: Problems creating a second ecdsa-sk key for a second Yubikey Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: David at...

I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it works. However, it does not do PIN enforcement at SSH login. It only requests the PIN during the set-up process (when the key is being generated). Is that the way it's supposed to work? Frank

...i try to create an event i get the error "Failed to create an event in the calendar ?CalDAV : Calendar?" "Cannot create calendar object: Failed to put data: HTTP error code 400 (Bad Request)" 2.I tried installing evolution from flatpak 3.34 Calendar works fine! BUT cant use my yubikey to read my encrypted emails :-( For some reason flatpak seems unable to work with smartcards. Had the same issue with keepassxc and yubikey 3.My third attempt was to use thunderbird from flatpak. I installed thunderbird through flatpak to see if i could overcome the flatpak yubikey problem. Thunde...

Hi List, I am trying to get authentication to Dovecot with a Yubikey OTP. I have the PAM modules installed and can successfully authenticate to ssh with the Yubikey, so I am confident that the network level and Yubikey configuration is correct. I can also authenticate to Dovecot via PAM using a plain password, however when I try to use the Yubikey authenticatio...

...oticed that I can enter pretty much anything at the PIN prompt >> it gives me, and it doesn?t return an error or decrement the number of >> available PIN retries when I view the key?s status. >> >> I?m doing these tests against OpenSSH portable HEAD on a Mac with a >> Yubikey 5 NFC (connected via USB). >> >> Any thoughts on what I might be doing wrong? > > You can try running "ssh-keygen -Kvvv" to see more detail on what is > going wrong, but I suspect the problem is that your key's firmware > has incomplete resident key support....

...ssh-add (without loading any keys). I also noticed that I can enter pretty much anything at the PIN prompt it gives me, and it doesn?t return an error or decrement the number of available PIN retries when I view the key?s status. I?m doing these tests against OpenSSH portable HEAD on a Mac with a Yubikey 5 NFC (connected via USB). Any thoughts on what I might be doing wrong? -- Ron Frederick ronf at timeheart.net

Apologies if this post is inappropriate to this list; please redirect me if so. Our team uses ssh extensively for server access and maintenance (Debian). An issue is acting as root when operating, for example, over ansible and keeping a record of who performed the actions, something ssh certificates solves well. The problem is then to automate certificate issuance since it would be pretty

On Mon, Jul 13, 2020 at 01:34:37PM +1000, Damien Miller wrote: > On Fri, 10 Jul 2020, Frank Sharkey wrote: > > > I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it > > works. However, it does not do PIN enforcement at SSH login. It only > > requests the PIN during the set-up process (when the key is being > > generated). Is that the way it's supposed to work? > > Assuming you are...

...rror: Error: Package: fedora-packager-0.6.0.1-1.el6.noarch (epel) Requires: python-yubico <SNIP> [root at peach ~]# yum install python-yubico <SNIP> No package python-yubico available. Do you suppose that maybe this is a typo where python-yubico was typed instead of python-yubikey? When I google for python-yubico Google suggests python-yubikey instead. But maybe not! RPM Search turns up python-yubico packages for Fedora 2[234] for x86_64, and CentOS 7.3 for x86_64 and finds no hits for python-yubikey. Maybe the fedora-packager group only works on CentOS 7? I'm so co...

LDAP Account Manager (LAM) 6.6.RC1 - December 10th, 2018 ======================================================== LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- You can now manage your YubiKey IDs inside LAM. The old import/export in tree view was rewritten and moved to tools menu. LAM Pro users can adjust self service background color easily. There are also new cron jobs for account expiration. Bind DLZ and Windows got some improvements. This is a test release. Please report any bugs t...

LDAP Account Manager (LAM) 6.6 - December 28th, 2018 ==================================================== LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- You can now manage your YubiKey IDs inside LAM. The old import/export in tree view was rewritten and moved to tools menu. LAM Pro users can adjust self service background color easily. There are also new cron jobs for account expiration. Bind DLZ and Windows got some improvements. Full changelog: https://www.ldap-account-manag...

LDAP Account Manager (LAM) 6.7.RC1 - March 15th, 2019 ===================================================== LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- YubiKey server is supported as 2-factor authentication provider for LAM login. The bind DLZ module supports DNAME and XFR records. LAM is also compatible with PHP 7.3 and can log to a remote syslog server. In addition, multiple fields were added to self service and you can configure its base URL for email...

LDAP Account Manager (LAM) 6.7 - March 25th, 2019 ================================================= LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- YubiKey server is supported as 2-factor authentication provider for LAM login. The bind DLZ module supports DNAME and XFR records. LAM is also compatible with PHP 7.3 and can log to a remote syslog server. In addition, multiple fields were added to self service and you can configure its base URL for email...

On Mon, Jul 20, 2020 at 09:27:16AM +1000, Damien Miller wrote: > On Sun, 19 Jul 2020, Domenico Andreoli wrote: > > > On Mon, Jul 13, 2020 at 01:34:37PM +1000, Damien Miller wrote: > > > On Fri, 10 Jul 2020, Frank Sharkey wrote: > > > > > > > I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it > > > > works. However, it does not do PIN enforcement at SSH login. It only > > > > requests the PIN during the set-up process (when the key is being > > > > generated). Is that the way it's supposed to wor...

On 18/09/18, Tim Jones (b631093f-779b-4d67-9ffe-5f6d5b1d3f8a at protonmail.ch) wrote: ... > So issue your users with Yubikeys. You can enforce the Yubikey so it > requires the user to enter a PIN *and* touch the Yubikey. This means > there's an incredibly high degree of confidence that it was the user > who performed the actiion (i.e. two-factor authentication of physical > Yubikey and PIN, plus anti-ke...

...Requires: python-yubico >> <SNIP> >> [root at peach ~]# yum install python-yubico >> <SNIP> >> No package python-yubico available. >> >> >> Do you suppose that maybe this is a typo where python-yubico was typed >> instead of python-yubikey? When I google for python-yubico Google >> suggests python-yubikey instead. But maybe not! RPM Search turns up >> python-yubico packages for Fedora 2[234] for x86_64, and CentOS 7.3 for >> x86_64 and finds no hits for python-yubikey. Maybe the fedora-packager >> group on...

...he authentication that evolution sent. We would need to know 1. what the calendar server you are trying to use 2. what the configuration and how you authenticate 3. what the error on the server side is. > 2.I tried installing evolution from flatpak 3.34 > Calendar works fine! BUT cant use my yubikey to read my encrypted emails :-( > For some reason flatpak seems unable to work with smartcards. > Had the same issue with keepassxc and yubikey > Flatpacks are sandboxes to make sure that the rest of your account is secure from each other https://xkcd.com/1200/ . You have to configure wha...

Hi, i'm unsure if the problem we encounter is a bug in openssh or in gnupg. But as everything was working with openssh 6.7p1 and earlier i guess that there where at least some changes in openssh that leads to the problem. You can read the latest discussion about the problem here: https://www.mail-archive.com/gnupg-users%40gnupg.org/msg29421.html https://www.mail-archive.com/gnupg-users

Hi Damien, thanks for you answer. Here is the output of ssh -vvv for both versions: http://paste.ubuntu.com/13576087/ http://paste.ubuntu.com/13576243/ If you need any more info let me know. Regards the2nd On 2015-11-29 12:14, Damien Miller wrote: > On Tue, 24 Nov 2015, the2nd at otpme.org wrote: > >> Hi, >> >> i'm unsure if the problem we encounter is a bug in

...nt. We would need to > know > 1. what the calendar server you are trying to use > 2. what the configuration and how you authenticate > 3. what the error on the server side is. > > > 2.I tried installing evolution from flatpak 3.34 > > Calendar works fine! BUT cant use my yubikey to read my encrypted > > emails :-( > > For some reason flatpak seems unable to work with smartcards. > > Had the same issue with keepassxc and yubikey > > > > Flatpacks are sandboxes to make sure that the rest of your account is > secure from each other https://x...