Yubikey and qubes-usb-proxy
293 views
Skip to first unread message
John Maher
Sep 20, 2017, 8:46:56 AM9/20/17
to qubes-users
I've been trying to get my Yubikey to attach to my gpg qube by doing the following:
[dom0 ~]$ qvm-usb -a gpg `qvm-usb | grep Yubikey | cut -f1`
but I'm presented with:
ERROR: qubes-usb-proxy not installed in the VM
But that package is installed in the VM (in the template).
I got this to work fine on my laptop but not on my desktop.
Any suggestions would be great.
Thanks.
John
Marek Marczykowski-Górecki
Sep 21, 2017, 2:23:18 PM9/21/17
to John Maher, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
You need that package in both source and destination VM (template). So,
both template of gpg and sys-usb in this case.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZxAOQAAoJENuP0xzK19csf7EH/A4VSx4RqlQob2eFfxz+PSER
EwkbF90Tu7wu9haeRAhvwyWdh7BVwkA+Qb4wtsPnggZyYxCyeNtn+1qVYTZL5Ov5
ZwLMCSwsIj7s+pK3Rh28GQfnyMgLE2Y5iUor9gLItO54+kYoPWBW0tygXFxeOqIj
NWYVHNlo+RiJDPGD3xqa6H7zRiTX+3IlYOtB6C8Gr2tYITcM1s8u5wYTs2/MpKbE
JsEph8OSiLY8YsM+u2/TvWt30Ajpdvx7sRlblOvvZg1Rn/7KZqIqnFydyt0uMeUY
39DykFZ0WaJF28lpVcdy92kViZE8gTM00KNGulHaMc4pW/N65p5L97o1ldoQulw=
=KvN4
-----END PGP SIGNATURE-----
Hash: SHA256
both template of gpg and sys-usb in this case.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZxAOQAAoJENuP0xzK19csf7EH/A4VSx4RqlQob2eFfxz+PSER
EwkbF90Tu7wu9haeRAhvwyWdh7BVwkA+Qb4wtsPnggZyYxCyeNtn+1qVYTZL5Ov5
ZwLMCSwsIj7s+pK3Rh28GQfnyMgLE2Y5iUor9gLItO54+kYoPWBW0tygXFxeOqIj
NWYVHNlo+RiJDPGD3xqa6H7zRiTX+3IlYOtB6C8Gr2tYITcM1s8u5wYTs2/MpKbE
JsEph8OSiLY8YsM+u2/TvWt30Ajpdvx7sRlblOvvZg1Rn/7KZqIqnFydyt0uMeUY
39DykFZ0WaJF28lpVcdy92kViZE8gTM00KNGulHaMc4pW/N65p5L97o1ldoQulw=
=KvN4
-----END PGP SIGNATURE-----
John Maher
Sep 22, 2017, 8:08:48 AM9/22/17
to qubes-users
So, I don't know how I would install qubes-usb-proxy when I can't see sys-usb.
John
Franz
Sep 22, 2017, 10:08:30 AM9/22/17
to John Maher, qubes-users
qvm-ls will list all installed VMs so you can check if sys-usb exists
best
Fran
John
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc559bd3-0947-4350-8a86-5863f5fb93ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
John Maher
Sep 22, 2017, 1:06:03 PM9/22/17
to qubes-users
>
> To post to this group, send email to qubes...@googlegroups.com.
>
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc559bd3-0947-4350-8a86-5863f5fb93ed%40googlegroups.com.
>
>
>
> For more options, visit https://groups.google.com/d/optout.
Francesco, thanks. That helps. My confusion continues to be high, but I guess mostly because I thought my computer had a USB qube because of it's behavior. Like I said, I can attach my Yubikey to one Qubes computer but not another. It's likely that I installed them slightly different from each other.
> To post to this group, send email to qubes...@googlegroups.com.
>
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc559bd3-0947-4350-8a86-5863f5fb93ed%40googlegroups.com.
>
>
>
> For more options, visit https://groups.google.com/d/optout.
I vaguely remember checking a "sys-usb" box during installation of both, but the laptop (installed most recently) I think I also check a box that referenced an experimental feature.
Perhaps I just need to install a USB qube on my desktop, but clearly I don't have one on my laptop, and attaching the Yubikey works there.
John
John Maher
Sep 22, 2017, 1:21:36 PM9/22/17
to qubes-users
Desktop:
--------------
$ qvm-usb
dom0:7-5 1050:0407 Yubico_Yubikey_4_OTP+U2F+CCID
Laptop:
--------------
$ qvm-usb
sys-net:2-3 1050:0407 Yubico_Yubikey_4_OTP+U2F+CCID
Might the dom0 vs sys-net indicate an important configuration difference?
Franz
Sep 22, 2017, 3:49:24 PM9/22/17
to John Maher, qubes-users
Here the USB controller is assigned to dom0 which is what Qubes tries to avoid for security reasons. So yes you need a USB qube here
Laptop:
--------------
$ qvm-usb
sys-net:2-3 1050:0407 Yubico_Yubikey_4_OTP+U2F+CCID
Here the USB controller is assigned to sys-net, which may work as a USB Qubes, specially for machines that to not have enough RAM to support an independent sys-usb.
Might the dom0 vs sys-net indicate an important configuration difference?
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5ca39fc6-5b6d-483c-99b5-ce8730e9659e%40googlegroups.com.
John Maher
Sep 22, 2017, 4:15:21 PM9/22/17
to qubes-users
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5ca39fc6-5b6d-483c-99b5-ce8730e9659e%40googlegroups.com.
>
>
>
> For more options, visit https://groups.google.com/d/optout.
Fran, this is so helpful. Thank you very much.
>
>
>
> For more options, visit https://groups.google.com/d/optout.
John
Reply all
Reply to author
Forward
0 new messages