Setting up the Yubikey on Ubuntu
I got a YubiKey 4 for Christmas from my girlfriend that I'm finally going to set up. This is how I set it up on my Ubuntu 17.10 machine.
First add the yubikey ppa
sudo add-apt-repository ppa:yubico/stable sudo apt-get update
Then install the manager.
sudo apt install yubikey-manager sudo apt install yubikey-manager-qt
yubikey-manager-qt is obviously the gui version. The cli version can be interacted with via the
2FA - Two Factor Authentication
Since I only have a single yubikey, a concern I have is that I don't want to be locked out in case my key is lost, stolen, broken or just forgotten at home. Therefore I need to ensure there is always some backup method for me to use. Or perhaps if I can somehow safely store a backup of the values on the yubikey itself, that would also be an alternative. However, kind of the point of having a yubikey is that it is write-only. i.e. that we can only write credentials to the device, never read them. A backup would either be to backup the values before we write to the device or to have another method (e.g. TOTP) as a failover. How to securely and safely backup these values offline somehow is something that I'm still thinking about.
Anyhow, I followed the official guide to setting up my yubikey for different services.
Once I had configured Firefox (had to go the the
about:config page and enable
security.webauth.u2f), setting the yubikey up for Github was easy and worked perfectly.
Setting it up on my Google account unforuntately did not work, blaming it on Firefox, I suspect simply because they want me to use Chrome ;)
OpenPGP - Crypto
Extra useful links:
- https://github.com/Yubico/yubikey-manager for the source to the python package (helpful stuff in the readme)
- https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/ more info regarding Firefox.