USB security in Qubes (Yubikey, rubber ducky, etc.)

49 views
Skip to first unread message

m...@militant.dk

unread,
May 4, 2018, 10:45:09 AM5/4/18
to qubes-users
Hi there,

I'm not a seasoned qubes-user. I have used it for some months and beginning to get the hang of it.

I'm curiously trying to investigate how to use yubikey as a means to utilize ssh with my gpg keys, sudo or anything else that might work with yubikey and Qubes.

Plugging my new yubikey 4 in my Qubes workstation/desktop and pressing the "Y", actually produces output in the VM's that is "selected/in front" and not allowing me to select the specific VM in which I wan't the yubikey to act. It acts in whichever of them I selected.

That is probably because it acts as a keyboard and not as storage.

Is there a way to protect myself against this kind of rubber ducky stuff?

A kind of OTP/2FA on keyboards, so you need to accept input after typing a specific on screen code or something? Just so it doesn't blindly accept any stream of data?

The closest thing I found online was Duckhunt for windows, but for obvious reasons, that doesn't work for me, and badUSB is just to difficult for me to understand how to counteract, since I need to trust hardware at some point.

Sincerely
Max

Reply all
Reply to author
Forward
0 new messages