--
Securely sent with Tutanota. Get your own encrypted, ad-free mailbox:
https://tutanota.com
Dec 28, 2019, 19:31 by [email protected]:
> December 28, 2019 6:02 PM, [email protected] wrote:
>
>> my USB controller is attached to nothing, but needed for Yubikey login.
>>
>>> I lost my tty2-credentials (the username), so I'm locked out of the system.
>>> BIOS changes don't help.
>>> Is there any way to "free" USB during boot? Or get rid of the tty login
>>> credentials?
>>>
>>> not sure what "tty login credentials" means.
>>> but you can always boot some random live-linux (like "fedora
>>> workstation"), open the qubes luks device and mount the dom0
>>> root and check/change whatever needs fixing there.
>>>
>>> if you are just missing your dom0 username (huh?), getting it
>>> through liveboot is probably easiest.
>>> you can also change the boot config to remove all mentions
>>> of hide-all-usb. (check a guide on how to configure a qubes
>>> for usb-keyboard usage, basicly same thing)
>>>
>>> I think he means he uses his yubikey as an emulated keyboard to type his
>>> disk password, and
>>> probably enabled a USB Qube and now the yubikey can't type in early
>>> userspace.
>>>
>>> So yeah, you'll have to boot into the installer and enter rescue mode, or
>>> boot into some other live
>>> linux distro, and disable the USB Qube. Follow these instructions for
>>> removing your USB Qube:
>>> https://www.qubes-os.org/doc/usb-qubes/#removing-a-usb-qube
>>>
>>> Note, if you're using Grub, all you have to do is press 'e' when you're at
>>> the boot loader, and
>>> remove rd.qubes.hide_all_usb from the kernel command line. Then you should
>>> be able to login, and
>>> remove that same option from /etc/default/grub
>>>
>>>> Thanks! Well, I can boot into nothing because my USB connection is gone.
>>>>
>>>> I know my dom0 username but it doesnt work, and therefore the Yubikey
>>>> authentication at login
>>>> neither.
>>>>
>>>> So I thought there could be a trick reattaching the USB controller to
>>>> sys-usb during early boot.
>>>>
>>>> If I had access to tty2 there would be no big problem. I would delete the
>>>> Yubikey pam.d entry for
>>>> login.
>>>> Best, mastor
>>>>
>>>
>>> (when replying please use reply-all to make sure a copy goes to the list
>>> and not just to me)
>>>
>>
>> Sorry, this is a mess on a/my mobile phone.
>>
>>> Ah, I see. So you're able to type in your disk passphrase and get to the
>>> user login screen? Either
>>> lightdm or a TTY, I'm assuming? And I'm assuming you're able to switch to
>>> TTY2, but you can't login
>>> to it?
>>>
>>
>> Yes, lightdm.
>>
>>> The username shouldn't have anything to do with the yubikey or USB at all.
>>> What do you mean the
>>> dom0 username doesn't work? I thought the problem was that you can't sign
>>> in because the yubikey
>>> isn't working in Qubes anymore due to enabling a USB Qube.
>>>
>>
>> Both. No tty login, no Yubikey, because the controller is not attached to
>> the USB qube.
>>
>>> Also, did you disable password authentication after you set up the yubikey?
>>>
>>
>> I use this, and it usually worked fine for years:
>>
>> https://old.mig5.net/content/yubikey-2fa-qubes-redux-adding-backup-key.html
>>
>>> And what do you mean your USB connection is gone? Unless there's something
>>> physically wrong with
>>> it, you should be able to boot from a USB drive regardless of whether a USB
>>> Qube is enabled or not.
>>> Have you tried booting into the installer from USB (the same way as when
>>> you first installed
>>> Qubes)?
>>>
>>
>> Hm, no, no USB boot option in Bios, no way to boot from USB. I tried
>> everything, I think.
>>
>> Thanks for your patience!
>>
>
> Thanks for the link. That explains a lot.
>
> I don't know anything about this setup, so I don't know if there's a failsafe
> for this type of situation, such as when sys-usb won't start or it
> malfunctions.
>
> Something you could try: when qubes is first starting, *before* you get to
> the disk password prompt, press f12 to switch into text mode. You should see
> console output and a text-based disk password prompt. From there, see if you
> can do anything: switch TTYs, press Ctrl-C, type the password wrong three
> times, or whatever you can think of. You might be able to get an early rescue
> shell.
>
> Also here are some other threads about Yubikey on Qubes. See if any of them
> look like the same problem you're having.
> https://www.mail-archive.com/search?q=+Yubikey&l=qubes-users%40googlegroups.com
>
> Also, how did you install Qubes in the first place if you can't boot from
> USB? If you booted from a CD, then do that again. If you did the installation
> on a different machine and then physically installed the disk, do the
> reverse. Basically, do whatever you did to install Qubes, but instead of
> installing, use the rescue option.
>
Thanks again! I was able to boot from USB yesterday ...
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/LxCn8Ut--3-2%40tuta.io.
