Setting up the Yubikey on Ubuntu

I got a YubiKey 4 for Christmas from my girlfriend that I'm finally going to set up. This is how I set it up on my Ubuntu 17.10 machine.

First add the yubikey ppa

sudo add-apt-repository ppa:yubico/stable
sudo apt-get update

Then install the manager.

sudo apt install yubikey-manager
sudo apt install yubikey-manager-qt

The yubikey-manager-qt is obviously the gui version. The cli version can be interacted with via the ykman command.

2FA - Two Factor Authentication

Since I only have a single yubikey, a concern I have is that I don't want to be locked out in case my key is lost, stolen, broken or just forgotten at home. Therefore I need to ensure there is always some backup method for me to use. Or perhaps if I can somehow safely store a backup of the values on the yubikey itself, that would also be an alternative. However, kind of the point of having a yubikey is that it is write-only. i.e. that we can only write credentials to the device, never read them. A backup would either be to backup the values before we write to the device or to have another method (e.g. TOTP) as a failover. How to securely and safely backup these values offline somehow is something that I'm still thinking about.

Anyhow, I followed the official guide to setting up my yubikey for different services. Once I had configured Firefox (had to go the the about:config page and enable security.webauth.u2f), setting the yubikey up for Github was easy and worked perfectly.

Setting it up on my Google account unforuntately did not work, blaming it on Firefox, I suspect simply because they want me to use Chrome ;)

"Security Keys don't work with this browser. Try again in Chrome."

OpenPGP - Crypto

Extra useful links:

  • for the source to the python package (helpful stuff in the readme)
  • more info regarding Firefox.