Cannot convert yubikey csv file


Joakim Lindgren

May 20, 2017, 10:26:43 PM
to RCDevs Security Solutions - Technical
Hi, I have a Yubikey token that I have programmed (Yubico OTP) and got a Yubico csv output from:

LOGGING START,2017-05-21 04:04
Yubico OTP,2017-05-21 04:04,2,ccccccdugkuj,03e475a605ba,950f4630c18b84ce6553da7303ffc55e,,,0,0,0,0,0,0,0,0,0,0

Also tried converting this output:

4023338,ccccccdugkuj,03e475a605ba,950f4630c18b84ce6553da7303ffc55e,000000000000,2017-05-21T03:48:40,

I get the following error:

-bash-4.1# /opt/webadm/websrvs/openotp/bin/yubi2inv /root/yubikgold.csv

Could not read input file or file empty

Anyone solved the issue?
Thanks // J

francois...@rcdevs.com

May 22, 2017, 7:53:40 AM
to RCDevs Security Solutions - Technical
Hi,

Could you check the file:

ls -l /root/yubikgold.csv 

Joakim Lindgren

May 22, 2017, 12:33:30 PM
to rcdevs-t...@googlegroups.com
Hi Francois, thank you for your help!

-rwxr-xr-x 1 root root 101 21 maj 04.24 yubikgold.csv

-bash-4.1# /opt/webadm/websrvs/openotp/bin/yubi2inv /root/yubikgold.csv 

Could not read input file or file empty


also tried:


-rwxrwxrwx 1 root root 101 21 maj 04.24 yubikgold.csv

-bash-4.1# /opt/webadm/websrvs/openotp/bin/yubi2inv /root/yubikgold.csv 

Could not read input file or file empty


// J



Joakim Lindgren

May 22, 2017, 6:14:36 PM
to RCDevs Security Solutions - Technical

-bash-4.1# /opt/webadm/websrvs/openotp/bin/yubi2inv /root/yubikgold.csv 

[DEBUG:2723] Starting WebSrv process

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:xmlspec_frm.php:ldap_search_objects] LDAP list: (objectclass=webadmconfig) (cn=Domains,cn=WebADM,dc=demo,dc=se)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:xmlspec_frm.php:ldap_search_objects] LDAP list: (objectclass=webadmconfig) (cn=Domains,cn=WebADM,dc=demo,dc=se)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:xmlspec_frm.php:ldap_search_objects] LDAP list: (objectclass=webadmconfig) (cn=Clients,cn=WebADM,dc=demo,dc=se)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:xmlspec_frm.php:ldap_search_objects] LDAP list: (objectclass=webadmconfig) (cn=Mountpoints,cn=WebADM,dc=demo,dc=se)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:xmlspec_frm.php:ldap_search_objects] LDAP list: (objectclass=webadmconfig) (cn=WebApps,cn=WebADM,dc=demo,dc=se)

[DEBUG:2723:xmlspec_frm.php:ldap_get_object_attributes] LDAP read: (objectclass=*) (CN=SelfDesk,CN=WebApps,CN=WebADM,DC=demo,DC=se)

[DEBUG:2723:xmlspec_frm.php:ldap_get_object_attributes] LDAP read: (objectclass=*) (CN=SelfReg,CN=WebApps,CN=WebADM,DC=demo,DC=se)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:ldap_frm.php:ldap_get_tree_infos] LDAP read: (objectclass=*) (RootDSE)

[DEBUG:2723:xmlspec_frm.php:ldap_search_objects] LDAP list: (objectclass=webadmconfig) (cn=WebSrvs,cn=WebADM,dc=demo,dc=se)

[DEBUG:2723:xmlspec_frm.php:ldap_get_object_attributes] LDAP read: (objectclass=*) (CN=OpenOTP,CN=WebSrvs,CN=WebADM,DC=demo,DC=se)

[DEBUG:2723:xmlspec_frm.php:ldap_get_object_attributes] LDAP read: (objectclass=*) (CN=OpenSSO,CN=WebSrvs,CN=WebADM,DC=demo,DC=se)

[DEBUG:2723:xmlspec_frm.php:ldap_get_object_attributes] LDAP read: (objectclass=*) (CN=SpanKey,CN=WebSrvs,CN=WebADM,DC=demo,DC=se)

[DEBUG:2723:xmlspec_frm.php:ldap_get_object_attributes] LDAP read: (objectclass=*) (CN=TiQR,CN=WebSrvs,CN=WebADM,DC=demo,DC=se)

Could not read input file or file empty

[DEBUG:2723] Process execution time: -0.556 seconds

-bash-4.1# ls -ll /root/yubikgold.csv 

-rwxrwxrwx 1 root root 101 21 maj 04.24 /root/yubikgold.csv

Joakim Lindgren

May 22, 2017, 7:11:37 PM
to RCDevs Security Solutions - Technical
Solved.
Feature to register Yubikey Token is available thru Web UI:

1. Select "I use another Token (Manual Registration)"
2. In UI, Enter information from Yubico Personalization Tool:

The Secret Key size is 16 bytes (32 hexadecimal characters).
The Private ID is 6 bytes (12 hexadecimal characters).
The Public ID is 6 bytes (12 Yubico ModHex characters).

3. Key is added, test key by login test function.

Thank you for the help!!!

// J
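
A pre-check for the three field sizes listed in the post above, as an added example that is not part of the thread or of RCDevs tooling. The column positions are inferred from the two sample lines in the first post, and the sample values are constructed, not real token secrets.

```python
import csv
import io
import re

MODHEX = set("cbdefghijklnrtuv")   # Yubico ModHex alphabet (16 symbols)
HEX12 = re.compile(r"[0-9a-fA-F]{12}")
HEX32 = re.compile(r"[0-9a-fA-F]{32}")

def extract_fields(row):
    """Return (public_id, private_id, secret_key) from either layout shown in the thread."""
    if row and row[0] == "Yubico OTP":      # Yubico OTP,<time>,<slot>,<public>,<private>,<key>,...
        return tuple(row[3:6])
    if len(row) >= 4 and row[0].isdigit():  # <serial>,<public>,<private>,<key>,<access code>,<time>,
        return tuple(row[1:4])
    return None                             # e.g. the "LOGGING START" header line

def check_line(line):
    """Return a list of problems for one CSV line; an empty list means well-formed fields."""
    row = next(csv.reader(io.StringIO(line)), [])
    fields = extract_fields(row)
    if fields is None or len(fields) != 3:
        return ["no token record on this line"]
    public_id, private_id, secret_key = fields
    problems = []
    if len(public_id) != 12 or not set(public_id) <= MODHEX:
        problems.append("public ID is not 12 ModHex characters")
    if not HEX12.fullmatch(private_id):
        problems.append("private ID is not 12 hex characters")
    if not HEX32.fullmatch(secret_key):
        problems.append("secret key is not 32 hex characters")
    return problems

# Constructed sample lines (assumed values, not real token secrets)
SAMPLES = [
    "LOGGING START,2017-01-01 00:00",
    "Yubico OTP,2017-01-01 00:00,2,cccccchdefgi,0123456789ab,"
    "00112233445566778899aabbccddeeff,,,0,0",
    "1234567,cccccchdefgi,0123456789ab,"
    "00112233445566778899aabbccddee,000000000000,2017-01-01T00:00:00,",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_line(sample) or "ok", "<-", sample[:40])
```
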



Αγησίλαος Παπαδόκωστας

Jan 25, 2018, 4:18:25 PM
to RCDevs Security Solutions - Technical
Is the yubikey validation server not needed anymore?

francois...@rcdevs.com

Jan 26, 2018, 5:03:53 AM
to RCDevs Security Solutions - Technical
Hi,

Yes, you are not obliged to use YubiCloud if you have access to the existing secret keys or if you generate new secret keys.

You can import them directly from an inventory file in webadm.

Αγησίλαος Παπαδόκωστας

Jan 26, 2018, 7:24:31 AM
to RCDevs Security Solutions - Technical
Can internal Yubikey validation also handle replayed otp cases?!

I will be really happy if I can get rid of my private yubicloud validation, because I just cannot make yubikey registration work.
I just keep getting those broken/incomplete/undescriptive log messages

[2018-01-26 12:08:46] [172.27.0.3] CEF|0|RCDevs|WebADM|1.6.1|Admin|Sending YubiCloud validation request to 1 servers over HTTP|1|sid=BZ77JWJ5 src=172.27.0.3 dst=172.27.0.2

and I have no idea what is wrong and how it should be fixed.