Re: Yubikey and LUKS on testing (Buster)

To: debian-user@lists.debian.org
Subject: Re: Yubikey and LUKS on testing (Buster)
From: Roberto C. Sánchez <roberto@debian.org>
Date: Wed, 20 Feb 2019 07:04:11 -0500
Message-id: <[🔎] 20190220120411.vkdlafpso7coctzs@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 80367600.66391.1550657757920@office.mailbox.org>
References: <[🔎] 80367600.66391.1550657757920@office.mailbox.org>

On Wed, Feb 20, 2019 at 12:15:57PM +0200, gpdsbe@mailbox.org wrote:
> 
> Then i reboot my computer and when it asks for a password to unlock my disk encryption I insert my yubikey.
> It doesn't accept the password that i programmed to use with yubikey. 
> 
> Instead it accepts the password i use without the yubikey! The prompt to enter my password doesn't mention yubikey.
> 
> Any ideas?
> 
I do not know specifically about using a YubiKey with LUKS in the way
that you describe.  However, I have had good results using the static
password (3-5 second press) like I would a normal password entered from
the keyboard.

As far as it accepting the non-yubikey password, remember that a LUKS
container has multiple key slots (8 or 24, I do not recall precisely at
the moment).  Accessing a LUKS container only requires that a single key
be unlocked, so any available password is sufficient to gain access.
Once you have the yubikey-based password working, you will need to
remove the other key slot if you no longer want that password to unlock
the container.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

Follow-Ups:
- Re: Yubikey and LUKS on testing (Buster)
  - From: Georgios Pediaditis <gped@mailbox.org>

References:
- Yubikey and LUKS on testing (Buster)
  - From: gpdsbe@mailbox.org

Prev by Date: Re: get my ip address
Next by Date: Re: Can't scan new disk
Previous by thread: Yubikey and LUKS on testing (Buster)
Next by thread: Re: Yubikey and LUKS on testing (Buster)
Index(es):
- Date
- Thread