Package: yubikey-luks
Version: 0.5.1+29.g5df2b95-6.3
Severity: important
Dear Maintainer,
- What led up to the situation?
1. Install yubikey-luks package.
2. Initialize your Yubikey and enroll it for usage with LUKS, e.g.:
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-
visible
yubikey-luks-enroll
3. Edit /etc/yluks.cfg and enter the Yubikey password:
YUBIKEY_CHALLENGE="enrolled-challenge-password"
4. Add the following option in /etc/crypttab:
keyscript=/usr/share/yubikey-luks/ykluks-keyscript
5. Run update-initramfs -u
- What was the outcome of this action?
When booting the system with the Yubikey plugged in I am being asked to insert
Yubikey or enter a passphrase:
"Please insert Yubikey and press enter or enter a valid passphrase"
Pressing enter returns:
"Accessing yubikey...
Retrieved the response from the Yubikey
Nothing to read on input.
cryptsetup: ERROR: nvme0n1p5_crypt: cryptsetup failed, bad password or
option?"
Then when I enter the password which was set for the Yubikey (the same I have
at YUBIKEY_CHALLENGE) the system starts booting normally.
- What outcome did you expect instead?
I expect the system to start booting without waiting or asking for a password
just with the Yubikey plugged in.
-- System Information:
Debian Release: 13.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.30-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages yubikey-luks depends on:
ii cryptsetup 2:2.7.5-2
ii initramfs-tools 0.148.1
ii yubikey-personalization 1.20.0-5
Versions of packages yubikey-luks recommends:
ii cryptsetup-initramfs 2:2.7.5-2
ii expect 5.45.4-4
yubikey-luks suggests no packages.
-- Configuration Files:
/etc/ykluks.cfg [Errno 13] Brak dostępu: '/etc/ykluks.cfg'
-- no debconf information
