Web lists-archives.com

Re: Yubikey and LUKS on testing (Buster)




On Wed, Feb 20, 2019 at 12:15:57PM +0200, gpdsbe@xxxxxxxxxxx wrote:
> 
> Then i reboot my computer and when it asks for a password to unlock my disk encryption I insert my yubikey.
> It doesn't accept the password that i programmed to use with yubikey. 
> 
> Instead it accepts the password i use without the yubikey! The prompt to enter my password doesn't mention yubikey.
> 
> Any ideas?
> 
I do not know specifically about using a YubiKey with LUKS in the way
that you describe.  However, I have had good results using the static
password (3-5 second press) like I would a normal password entered from
the keyboard.

As far as it accepting the non-yubikey password, remember that a LUKS
container has multiple key slots (8 or 24, I do not recall precisely at
the moment).  Accessing a LUKS container only requires that a single key
be unlocked, so any available password is sufficient to gain access.
Once you have the yubikey-based password working, you will need to
remove the other key slot if you no longer want that password to unlock
the container.

Regards,

-Roberto

-- 
Roberto C. Sánchez