Yubico Forum

Is there no way to use the scan mode to set a static password in Linux? I don't see any option for it.

I'm able to set a random password, but believe it or not I have a bank account website that won't take a password longer than 12 characters. Yeah, I know...

As of now, the functionality to set the scan-code mode password is not available in the Linux Personalization Tool. However, you can use the Windows based Personalization Tool to set your own password using the scan code mode.

The Windows based Personalization Tool can be downloaded from the link below:

http://www.yubico.com/personalization-tool

We hope this helps!

Doesn't really help - since I don't run Windows anywhere. But thanks for confirming what I suspected. Thank goodness that's not what I ordered the keys for, it was just a nice side-effect I was hoping for.

FYI, I tried the windows tool in Wine before posting the question and it wouldn't find the key.

Hopefully not too late for you - I only got my yubikey a couple of days ago - but it is possible to set a scan-mode password using the Linux tool. I'm running Debian sid so YMMV. It seems the password is made up of the fixed identity (first 8 characters), the uid (next 6 characters) and the AES key (next 16 characters) catted together. This is only 30 characters - I haven't found out where the missing 8 are yet. Below is the command I used to set the 2nd config to be a static password of "Hello world!"

ykpersonalize -2 -v -o -static-ticket -oshort-ticket -o fixed=h:8b080f0f122c1a12 -o uid=150f079e0000 -a 00000000000000000000000000000000

I got the USB scan codes from http://geekhack.org/showwiki.php?title=Scan+Codes and you add 0x80 to get a capital/shifted character. Put zeros at the end to pad a short password. You may also want "-o -man-update" to disable the feature to change the static password with a long press as mentioned in the user guide.

Hope this helps.

Sorry for posting to an old topic, but I also just got my Yubikey. To get all 38 characters, you need to modify ykpers-args.c to allow 16 bytes (32 hex digits) of fixed identity. I couldn't figure out a filename extension that was acceptable for a file upload, so here's the patch inline:


After doing that, you should be able to do something like:

A long press then yields: