| Yubico Forum https://forum.yubico.com/ |
|
| Re-activating/configuring U2F https://forum.yubico.com/viewtopic.php?f=35&t=2634 |
Page 1 of 1 |
| Author: | KiloSierraCharlie [ Sat May 13, 2017 10:39 am ] |
| Post subject: | Re-activating/configuring U2F |
Hello, When I got my Yubikey, I had to reset it because it was already out of password attempts for both pins. I've since got it working, and I have configured my Yubikey to store my PGP private keys, and a HMAC-SHA1 challange/response on slot 2. I also setup the Yubico OTP on slot 1, and have tested this to work perfectly on the demo site (and presumably here). When I attempt to use my key on sites such as Github, Google and Facebook, they don't detect my key to be inserted. I've tried both Firefox (with the U2F addon) and Chrome (latest version), on three different PCs (two of them were setup for GPG agents). I presume there is something I haven't setup (or have missed) after I reset the Yubikey. Any assistance is appreciated. Kind Regards. |
|
| Author: | KiloSierraCharlie [ Sat May 13, 2017 11:58 am ] |
| Post subject: | Re: Re-activating/configuring U2F |
So I got the device to work. It's quite easy, and I found the answer on the developer section of the Yubico website (although by accident). Simply plug in the key and Code: ykpersonalize -m6
|
|
| Author: | ChrisHalos [ Sat May 13, 2017 8:39 pm ] |
| Post subject: | Re: Re-activating/configuring U2F |
A lot of the old OpenPGP setup instructions have you changing the modes to OTP+CCID (these were written before U2F was around, and the NEOs sold used to have CCID disabled by default). As you discovered, mode change with "ykpersonalize -m6" or "ykpersonalize -m86" will get you back to OTP+CCID+U2F. Alternatively you can use the YubiKey NEO Manager if you prefer a GUI app, or YubiKey Manager (beta). For anyone else who stumbles across this discussion, it's best to check what modes are enabled to troubleshoot U2F issues: On Windows - check Devices and Printers. The YubiKey model will be listed, along with what modes are currently enabled (on multi-protocol devices - NEO, 4, Edge) On Mac - Apple Menu > About This Mac > System Report. Look under Hardware > USB - the YubiKey model will be listed, along with what modes are enabled. On Linux - in Terminal, run "lsusb" - and Yubico product will show up with vendor ID 1050, and the enabled modes will be displayed. And a reminder, the falling apps can be used to enable/disable modes: *YubiKey Manager *YubiKey NEO Manager *ykpersonalize (the command-line version of the YubiKey Personalization Tool. Note: If OTP mode is disabled, the app will not recognize the YubiKey and either YubiKey Manager or YubiKey NEO Manager will need to be used) |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|