I'm not a seasoned qubes-user. I have used it for some months and beginning to get the hang of it.
I'm curiously trying to investigate how to use yubikey as a means to utilize ssh with my gpg keys, sudo or anything else that might work with yubikey and Qubes.
Plugging my new yubikey 4 in my Qubes workstation/desktop and pressing the "Y", actually produces output in the VM's that is "selected/in front" and not allowing me to select the specific VM in which I wan't the yubikey to act. It acts in whichever of them I selected.
That is probably because it acts as a keyboard and not as storage.
Is there a way to protect myself against this kind of rubber ducky stuff?
A kind of OTP/2FA on keyboards, so you need to accept input after typing a specific on screen code or something? Just so it doesn't blindly accept any stream of data?
The closest thing I found online was Duckhunt for windows, but for obvious reasons, that doesn't work for me, and badUSB is just to difficult for me to understand how to counteract, since I need to trust hardware at some point.
Sincerely
Max