med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon


#yubikey

Maikel 🇪🇺 🇪🇸<p>It works. Thanks to the power of nix it took no effort to change several places at once to use a second ssh key on the new backup Yubikey. And since they are resident keys, nothing gets into the PCs, just the public part. </p><p>I made several keys some requiring nothing, just the Yubikey on the USB and some requiring touch and pin unless the pin is cached in which case just the PIN.</p><p>The question remains of where should the backup key be kept. 🤔</p><p><a href="https://vmst.io/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a></p>
Maikel 🇪🇺 🇪🇸<p>Today we have learnt that to make a yubikey NOT require touching to ssh into a server, you not only need to add <code>-O no-touch-required</code> to the <code>ssh-keygen</code> command, but ON THE SERVER, after doing the <code>ssh-copy-id</code> bla blabla part (or manually adding it to <code>authorized_keys</code>), you need to prepend the line with </p><p><code>no-touch-required</code> (space) the rest of the public key. </p><p>OTHERWISE it won't ever work and the only way to find out is tailing /var/log/auth.logs</p><p>🤔 </p><p><a href="https://vmst.io/tags/Yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Yubikey</span></a> <a href="https://vmst.io/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSH</span></a></p>
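An added example, not part of the post above: sshd rejects a FIDO signature made without touch unless that key's `authorized_keys` line carries the `no-touch-required` option, so this audit lists each `sk-` key and whether touch is waived for it. The function names and the sample file are constructed for illustration; the key blobs are placeholders.

```bash
#!/usr/bin/env bash
# Added example: list FIDO ("sk-") entries in an authorized_keys file and
# show which ones waive the touch check via the no-touch-required option.

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_authorized_keys() {
  cat <<'EOF'
# constructed sample
sk-ssh-ed25519@openssh.com AAAAPLACEHOLDER1 laptop
no-touch-required sk-ssh-ed25519@openssh.com AAAAPLACEHOLDER2 backup
command="echo no-touch-required sk-x",no-pty sk-ecdsa-sha2-nistp256@openssh.com AAAAPLACEHOLDER3 forced
from="192.0.2.10",No-Touch-Required sk-ssh-ed25519@openssh.com AAAAPLACEHOLDER4 ci
ssh-ed25519 AAAAPLACEHOLDER5 plain
EOF
}

# audit_sk_keys [FILE]  (reads stdin when FILE is omitted)
# Output per sk- key: <line-no> <touch|no-touch> <key-type> <comment>
audit_sk_keys() {
  awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
      masked = $0
      sub(/^[ \t]+/, "", masked)
      # Collapse quoted option values to a single Q so that spaces or
      # option names inside command="..." are not parsed as fields.
      while (match(masked, /"([^"\\]|\\.)*"/))
        masked = substr(masked, 1, RSTART - 1) "Q" substr(masked, RSTART + RLENGTH)
      split(masked, f, /[ \t]+/)
      # No options: the key type is the first field; otherwise the second.
      if (f[1] ~ /^(sk-|ssh-|ecdsa-)/) { opts = "";   type = f[1]; note = f[3] }
      else                             { opts = f[1]; type = f[2]; note = f[4] }
      if (type !~ /^sk-/) next              # only FIDO-backed key types
      state = "touch"                       # sshd default: touch required
      n = split(opts, o, ",")
      for (i = 1; i <= n; i++)              # option keywords are case-insensitive
        if (tolower(o[i]) == "no-touch-required") state = "no-touch"
      print NR, state, type, (note == "" ? "-" : note)
    }
  ' "${1:--}"
}

sample_authorized_keys | audit_sk_keys
```

Setting `PubkeyAuthOptions touch-required` in `sshd_config` makes sshd require touch regardless of this per-key option.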
Maikel 🇪🇺 🇪🇸<p>This is incredibly useful to encrypt secrets in Github repos</p><p><a href="https://github.com/str4d/age-plugin-yubikey" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/str4d/age-plugin-yu</span><span class="invisible">bikey</span></a></p><p>Meh, shit, only works with PIV yubikeys, mine doesn't have that. </p><p><a href="https://vmst.io/tags/Yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Yubikey</span></a> <a href="https://vmst.io/tags/Age" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Age</span></a></p>
Maikel 🇪🇺 🇪🇸<p>I wonder, can SUDO just work out of the box without having to touch the key but just the key being plugged?</p><p>EDIT: I'll answer it myself 👇 </p><p><code>auth required pam_u2f.so cue userpresence=0</code></p><p>But there's pretty much no advantage of using that over a regular sudo with no password when you're already logged in. </p><p><a href="https://vmst.io/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a></p>
Bryan Whitehead<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@tychotithonus" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tychotithonus</span></a></span> <br>They are totally blowing the opportunity to have a pumpkin spice <a href="https://macaw.social/tags/YubiKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKey</span></a></p>
Jonatan<p>With USB/IP, I can now use my YubiKey remotely via SSH in the same way as if I was sitting in front of my machine. Both in early boot stage (initrd): unlocking a LUKS-encrypted filesystem, and in booted system stage: signing git commits and authenticating to GitHub. Great! But what about using FIDO2/WebAuthn via RDP to log in to web services? USB redirection is not supported for xrdp. Are there any workarounds coming up to, for example, redirect WebAuthn from one machine to another?</p><p><a href="https://defcon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://defcon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido2</span></a> <a href="https://defcon.social/tags/usbip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usbip</span></a> <a href="https://defcon.social/tags/rdp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rdp</span></a> <a href="https://defcon.social/tags/nixos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nixos</span></a> <a href="https://defcon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a></p>
shac ron ₪‎<p>It would be nice if my <a href="https://ioc.exchange/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> stopped murdering my MacBook battery while it’s sleeping</p>
Profoundly Nerdy<p>Are there good yubikey alternatives that are in a credit card form factor? Ideally something very cross platform friendly.</p><p>Something that holds cryptographic keys and can answer TOTP challenges, ideally.</p><p><a href="https://bitbang.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://bitbang.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://bitbang.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://bitbang.social/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a> <a href="https://bitbang.social/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windows</span></a></p>
Kuketz-Blog 🛡<p>Using Nextcloud securely: an overview of the web interface, clients and essential security features such as 2FA, strong passwords and shares.</p><p>Part 3 of the article series "Nextcloud". 👇 </p><p><a href="https://www.kuketz-blog.de/nextcloud-nutzen-grundfunktionen-apps-und-schutzmechanismen-nextcloud-teil-3/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">kuketz-blog.de/nextcloud-nutze</span><span class="invisible">n-grundfunktionen-apps-und-schutzmechanismen-nextcloud-teil-3/</span></a></p><p><a href="https://social.tchncs.de/tags/nextcloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nextcloud</span></a> <a href="https://social.tchncs.de/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2fa</span></a> <a href="https://social.tchncs.de/tags/passwort" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwort</span></a> <a href="https://social.tchncs.de/tags/sicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sicherheit</span></a> <a href="https://social.tchncs.de/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://social.tchncs.de/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://social.tchncs.de/tags/nitrokey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nitrokey</span></a></p>
Zack Weinberg<p>I'm betting the answer here is "this isn't possible" but if anyone knows how to tell OpenSSH that when it's enumerating pubkeys it should check which of the two known authentication dongles is actually plugged into the computer, and only prompt me to unlock the SK key that belongs to that dongle, not both of them, please tell me how.</p><p><a href="https://masto.hackers.town/tags/openssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssh</span></a> <a href="https://masto.hackers.town/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a></p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>Explain <a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> to me like I'm your grandparents.</p><p><a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2fa</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido</span></a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webauthn</span></a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido2</span></a> <a href="https://mastodon.social/tags/otp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>otp</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://mastodon.social/tags/auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>auth</span></a></p>
JayVii<p>Does anyone have experience with either <a href="https://social.jayvii.de/tags/Yubikey" class="hashtag" rel="nofollow noopener" target="_blank">#Yubikey</a>, <a href="https://social.jayvii.de/tags/Nitrokey" class="hashtag" rel="nofollow noopener" target="_blank">#Nitrokey</a> or any other hardware security token for both <a href="https://social.jayvii.de/tags/MFA" class="hashtag" rel="nofollow noopener" target="_blank">#MFA</a>/<a href="https://social.jayvii.de/tags/2FA" class="hashtag" rel="nofollow noopener" target="_blank">#2FA</a> as well as <a href="https://social.jayvii.de/tags/encryption" class="hashtag" rel="nofollow noopener" target="_blank">#encryption</a> via <a href="https://social.jayvii.de/tags/PGP" class="hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/<a href="https://social.jayvii.de/tags/GPG" class="hashtag" rel="nofollow noopener" target="_blank">#GPG</a> or <a href="https://social.jayvii.de/tags/SMIME" class="hashtag" rel="nofollow noopener" target="_blank">#SMIME</a>?</p><p>In particular, I am looking at the <a href="https://shop.nitrokey.com/de/shop/nk3an-nitrokey-3a-nfc-147?search=nitrokey+3#attr=" rel="nofollow noopener" target="_blank">Nitrokey 3A NFC</a>. As far as I can tell, Yubico only sells <a href="https://social.jayvii.de/tags/MFA" class="hashtag" rel="nofollow noopener" target="_blank">#MFA</a> tokens(?), unless the <a href="https://www.yubico.com/de/product/yubikey-5-fips-series/yubikey-5-nfc-fips/" rel="nofollow noopener" target="_blank">YubiKey 5 FIPS Series</a> can hold encryption keys as well?</p><p>Both price and open hardware aspect definitely speak for Nitrokey, but I do not know anyone who owns such a token... Anyone who I can talk to?</p>
Peter N. M. Hansteen<p>j2k25 - OpenBSD Hackathon Japan 2025 (rsadowski@) <a href="https://www.undeadly.org/cgi?action=article;sid=20250601104254" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">undeadly.org/cgi?action=articl</span><span class="invisible">e;sid=20250601104254</span></a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/hackathon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackathon</span></a> <a href="https://mastodon.social/tags/j2k25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>j2k25</span></a> <a href="https://mastodon.social/tags/development" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>development</span></a> <a href="https://mastodon.social/tags/kde" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kde</span></a> <a href="https://mastodon.social/tags/kdeapps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kdeapps</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libresoftware</span></a></p>
Royce Williams<p>TIL that Pure Storage issues YubiKeys branded with their logo!</p><p>(eBay, not my listing:)</p><p><a href="https://www.ebay.com/itm/135898756327" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">ebay.com/itm/135898756327</span><span class="invisible"></span></a></p><p>Interesting: Just over the side of the logo, the phrase "NO NFC" is seen (not sure if an add-on label, or part of the logo). NFC-enabled keys ship with NFC disabled by default until first power-up (and can be re-disabled in <code>ykman</code> <code>-R</code> / <code>--restrict</code> option):</p><p><a href="https://www.yubico.com/getting-started/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">yubico.com/getting-started/</span><span class="invisible"></span></a></p><p>... so I'm not sure if this means NFC is <em>permanently</em> disabled, but it seems likely. Will update when I get one.</p><p><a href="https://infosec.exchange/tags/YubiKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKey</span></a></p>
The Chris Dantes<p>Fuck <a href="https://social.linux.pizza/tags/Authy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authy</span></a>. Fuck it in its stupid ass. They got rid of the desktop version. Fine. It sucks, but I could deal with it. Then they dropped support for <a href="https://social.linux.pizza/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GrapheneOS</span></a>. Meaning I'm locked out of everything. Luckily I have a <a href="https://social.linux.pizza/tags/YubiKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKey</span></a> so I can get into most things. I guess it's time to move to something else.</p>
Mad A. Argon :qurio:<p>I realized I didn't wear my <a href="https://is-a.cat/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> on a chain around my neck for 8 days (because of circumstances). And this is absolutely a record for me, it was never so long until now!<br>Does it mean I have a problem? :neofox_laugh_tears_256:</p><p>I have it on me now. I couldn't feel so... naked? without armor? anymore.</p><p><a href="https://is-a.cat/tags/nerd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nerd</span></a> <a href="https://is-a.cat/tags/MagicalThinking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MagicalThinking</span></a></p>
vascorsd<p>I have to say that I find it almost funny how broken the <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> fido2 /webauth is now after passkeys have started to be a thing. Was just trying to use it on the <a href="https://demo.yubico.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">demo.yubico.com/</span><span class="invisible"></span></a> and the loops and amount of errors I see with popups appearing in front of me and talking about passkeys when it's nothing of the sort... And just keeps failing to authenticate... I mean I'm sure I've tried it before on this android phone using the chrome browser and it worked 🥲.</p>
Ölbaum<p>So, <a href="https://tooting.ch/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a> question:</p><p>Is it possible that a web site that has been supporting YubiKeys for a while would automatically support Safari’s and 1Password’s passkeys, by means of it being webauthn in both cases, or at least appear to support them, even if it fails later?</p><p>That would explain some of the ignorance of customer service agents when you point out how their passkey implementation is broken.</p><p><a href="https://tooting.ch/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> <a href="https://tooting.ch/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://tooting.ch/tags/webauthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webauthn</span></a> <a href="https://tooting.ch/tags/YubiKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKey</span></a></p>
S1m<p>Very happy to finally be able to use my yubikeys on my phone (GrapheneOS, without Play services) 🤗</p><p>Most of the pieces were already there, they only needed to be assembled into a Credential Provider, which is finally done with <a href="https://codeberg.org/s1m/hw-fido2-provider" rel="nofollow noopener" target="_blank">HW Fido2 Provider</a></p><p><a href="https://infosec.exchange/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido2</span></a> <a href="https://infosec.exchange/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a> <a href="https://infosec.exchange/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://infosec.exchange/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a></p>