I followed the instructions here. However no released version of fedora-packager yet has the
fedora-burn-yubikey script so you have to download it from Mike McGrath’s site.
# yum install /usr/bin/ykpersonalize
# fedora-burn-yubikey -u rjones
Attention: You are about to reprogram your yubikey! Please ensure it is
plugged in to your USB slot before continuing. The secret key currently on
your yubikey will be destroyed as part of this operation!
Password for rjones: ***
New key generated in FAS, attempting to burn to yubikey
Firmware version 2.2.1 Touch level 1793 Program sequence 1
Configuration data to be written to key configuration 1:
Then go to the FAS yubikey page and enable it.
So far the “Test Auth” works.
I’m waiting to try real authentication. Update: Well it lets me log in to FAS through the web page. Edit: Also I was able to create an update using the yubikey.
It arrived this morning, about 20 hours after I placed the order. I haven’t had a chance to do anything other than plugging it in yet.
usb 1-1.1: new low speed USB device using ehci_hcd and address 5
usb 1-1.1: New USB device found, idVendor=1050, idProduct=0010
usb 1-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 1-1.1: Product: Yubico Yubikey II
usb 1-1.1: Manufacturer: Yubico
input: Yubico Yubico Yubikey II as /devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.1/1-1.1:1.0/input/input9
generic-usb 0003:1050:0010.0001: input,hidraw0: USB HID v1.11 Keyboard [Yubico Yubico Yubikey II] on usb-0000:00:1a.0-1.1/input0
Bus 001 Device 005: ID 1050:0010 Yubico.com Yubikey
Pressing the one button on the yubikey sends a string of random letters (as if typed on the keyboard or another USB input device). The string is different each time.
That’s all for now folks!
I ordered a yubikey. If it works out, then I’ll be able to log in to fedora accounts using 2-factor authentication.
The total cost inc. shipping was under £20.