Re: Yubikey and LUKS on testing (Buster)
On Wed, Feb 20, 2019 at 12:15:57PM +0200, gpdsbe@mailbox.org wrote:
>
> Then i reboot my computer and when it asks for a password to unlock my disk encryption I insert my yubikey.
> It doesn't accept the password that i programmed to use with yubikey.
>
> Instead it accepts the password i use without the yubikey! The prompt to enter my password doesn't mention yubikey.
>
> Any ideas?
>
I do not know specifically about using a YubiKey with LUKS in the way
that you describe. However, I have had good results using the static
password (3-5 second press) like I would a normal password entered from
the keyboard.
As far as it accepting the non-yubikey password, remember that a LUKS
container has multiple key slots (8 or 24, I do not recall precisely at
the moment). Accessing a LUKS container only requires that a single key
be unlocked, so any available password is sufficient to gain access.
Once you have the yubikey-based password working, you will need to
remove the other key slot if you no longer want that password to unlock
the container.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: