Yubikey attached to an AppVM - possible?
JPL
The USB widget does not recognize a Yubikey plugged into a USB slot after booting Qubes OS, although it is seen by Dom0 using the lsusb command, so presumably it's being blocked for being an 'abnormal' USB device.
I notice various people having problems getting Yubikeys to work, but a quick search didn't bring up this particular issue. Is a sys-usb necessary or has anyone found a workaround?
Thanks
pixel fairy
does it show up as a keyboard? the default is to ignore keyboards plugged in. you can change that in /etc/qubes-rpc/policy/qubes.InputKeyboard
https://www.qubes-os.org/doc/usb/ (near the end)
pixel fairy
JPL
Bus 003 Device 009 ID:[some-string] Yubico.com Yubikey 4 OTP+UTF+CCID
qvm-usb gives no clues:
BACKEND:DEVID DESCRIPTION USED BY
Edited the file /etc/qubes-rpc/policy/qubes.InputKeyboard as suggested but it doesn't seem to make any difference. Do I need to reboot or something?
I already use a USB keyboard.
Thanks for your help btw.
JPL
I should also mention I have Qubes installed on a USB stick, which may be the root cause of the problem
JPL
j.gr...@gmail.com
Jon deps
> Did you figure out how to do it in the end?
>
using debian-9 minimal as the template
https://www.qubes-os.org/doc/multifactor-authentication/
pretty slick, now I can leave my android off, and not use SMS for 2FA
for U2F logins : there is also a write up in the docs, but its way over
my head prolly circles back to Qubes doesn't want HID-keyboard
emulation to have access via USB
for the few sites for U2F I use, I just use Chromium , if you Yubikey
has both IIRC you have disable one or other of the functions anyway
FenderBender
Perhaps they are still better than other options so I will follow this thread and reconsider my purchase but here are some other avenues to achieve 2FA: https://alternativeto.net/software/yubikey/