On 2019-02-20, Georgios Pediaditis <[email protected]> wrote: > >> As far as it accepting the non-yubikey password, remember that a LUKS >> container has multiple key slots (8 or 24, I do not recall precisely at >> the moment). Accessing a LUKS container only requires that a single key >> be unlocked, so any available password is sufficient to gain access. >> Once you have the yubikey-based password working, you will need to >> remove the other key slot if you no longer want that password to unlock >> the container. > > Thanks for your reply. > > I know that it has multiple slots. For the time being that's the only > reason i can open my laptop :-p > > It must be challenge response and not static password since i already > use the yubikey slot 1 and i need to use yubikey slot 2 with challenge > response on other services. > > Thanks again for your help > >
As you omitted the part about appending 'keyscript=/usr/share/yubikey-luks/ykluks-keyscript' to your /etc/crypttab file and subsequently running 'update-initramfs -u' in your description of your procedure, I'm wondering whether you inadvertently skipped that step. https://github.com/cornelinux/yubikey-luks
