Comment by throitallaway
10 days ago
Interesting project, but I can't say I've ever wondered whether or not it's time to touch my Yubikey. Authenticating with a token is a very intentful process.
I've found that when I'm cloning submoduled private repos via YK-backed SSH key, I'll need to touch multiple times but there's not always text in the terminal notifying me to do so. Easy to miss the small flashing green light.
Is it possible to add it to ssh-agent once?
No, the idea behind yk-backed keys is that part of the secret lives on the Yubikey and can't be extracted.
So you need to approve the usage of that secret by touching the yubikey.
I have because I use it for a ton of stuff. Password manager, sudo locally, ssh logins, sudo remotely, openpgp decrypt etc.
It happens sometimes that I forget that's what it's waiting for. I'm no longer on Mac though. I have KDE. I don't always see the key flashing either because sometimes it's buried under the mess on my desk (I know...)
It's a bit annoying that Yubikeys don't just trigger a HID event or something; as far as I understand, the only way to tell is by looking for some obscure log entries.
Yubikey is an event-based token. You tap it with explicit intent. If you aren't expecting to tap it, then the fail-safe is you don't. It works that way by design.
You can't use a screwdriver handle as a hammer then complain it doesn't work to your expectations.
I just like to be notified when I need to tap something with explicit intent.
It's a bad design for that anyway. It should show me info about what I'm signing on a little display. That would also make it easier to see it needs a touch.
But yeah like someone said below, many actions like github pull would need it. I just want something that makes it easier to see it's waiting for me.