Re: Yubikey and LUKS on testing (Buster)
- Date: Wed, 20 Feb 2019 07:04:11 -0500
- From: Roberto C. Sánchez <roberto@xxxxxxxxxx>
- Subject: Re: Yubikey and LUKS on testing (Buster)
On Wed, Feb 20, 2019 at 12:15:57PM +0200, gpdsbe@xxxxxxxxxxx wrote:
> Then i reboot my computer and when it asks for a password to unlock my disk encryption I insert my yubikey.
> It doesn't accept the password that i programmed to use with yubikey.
> Instead it accepts the password i use without the yubikey! The prompt to enter my password doesn't mention yubikey.
> Any ideas?
I do not know specifically about using a YubiKey with LUKS in the way
that you describe. However, I have had good results using the static
password (3-5 second press) like I would a normal password entered from
As far as it accepting the non-yubikey password, remember that a LUKS
container has multiple key slots (8 or 24, I do not recall precisely at
the moment). Accessing a LUKS container only requires that a single key
be unlocked, so any available password is sufficient to gain access.
Once you have the yubikey-based password working, you will need to
remove the other key slot if you no longer want that password to unlock
Roberto C. Sánchez