I have a FIDO U2F Yubico Security Key that I use for authentication to Gmail and Facebook. In my situation, I decided to use a single VM for two factor authentication. Here's what I did:
1. Find a free USB controller. I didn't want to use the same one as my keyboard or mouse. Your board specs and the lsusb utility are your friends in the hunt. Check out the Qubes document "Assigning Devices to VMs" for the gory details of discovering the PCI device assignments to your USB controllers. 2. In the VM you plan to use the key, you'll want to assign the PCI device for your free hub to that VM. That's accomplished by firing up Qube settings for the VM and selecting the devices tab. Scroll down to the available device and move it to the selected box. 3. You might have to configure strict reset (or disable strict reset) for the USB controller. 4. Start the VM. One gotcha: the VM won't run in PVH mode once you make this assignment. But, my Yubikey lights up when Gmail or Facebook need the second factor, and it works as advertised. On Friday, March 9, 2018 at 12:34:06 PM UTC-5, Jon R. wrote: > Hello, > > I've scoured around the mailing lists / SO / Reddit and haven't come across a > solution to this yet. I'm running 4.0 (R4.0) and when I attempt to use my > Yubikey it's seemingly not picking up any input on the button press. > > It's detecting the USB properly and I can attach it fine: > > [cloe@dom0 Desktop]$ qvm-usb > BACKEND:DEVID DESCRIPTION USED BY > sys-usb:2-1 Yubico_Yubikey_4_OTP+CCID > > [cloe@dom0 Desktop]$ qvm-usb attach work sys-usb:2-1 > > [cloe@dom0 Desktop]$ qvm-usb > BACKEND:DEVID DESCRIPTION USED BY > sys-usb:2-1 Yubico_Yubikey_4_OTP+CCID work > > However upon button presses on the Yubikey in the "work" domain there is no > action. I've tested this in gedit, the terminal and elsewhere to no avail. > > > Can someone point me in the right direction as to what may be happening? I've > successfully attached storage devices and other smart card related devices > without any issue so it seems to be isolated to the Yubikey itself. I've > tried 2 separate Yubikey 4's and an older version to no avail. > > > Thank you for your time. > > > - Cody -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e00edc7-3c2a-462e-98c6-443dd1af7d36%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
