[Ukfreebsd] Notes from last night meeting

Sevan Janiyan venture37 at geeklan.co.uk
Wed May 23 15:03:55 BST 2018


On 23/05/2018 13:43, Tom Jones wrote:
>> Wrestling a Yubikey as ugen or uhid device if you want to use it with
>> pcscd on NetBSD
> I am using a yubikey with pcscd on FreeBSD I wonder what others
> experience is like using a yubikey on *BSD.
> 
> Compared to using the same key on Mac OS it is pretty lackluster. I have
> to restart both the pcscd daemon and gpg-agent when reinserting the
> key. I gave up on touch to authenticate as it completely stopped me
> using the key.
> 
> Are others having a better experience?

My interest was for CVS/SVN/SSH use to free me to work from any system
with a USB port without having to spread my keys around. Things work
fine on FreeBSD with pcscd and on macOS High Sierra with OpenSC but fall
short on NetBSD as uhid(4) binds to the device (haven't gotten on to try
OpenBSD yet).
The yubikey 4 is OTP+CCID mode and the RSA keys were generated on the
card using ssh-keygen (not doing the exported gpg keys dance).

On macOS I have to restart the ssh-agent with the path to the OpenSC
library whitelisted which hopefully can be done automatically but I fear
handwriting XML may be involved (haven't actually looked into it).


Sevan


More information about the Ukfreebsd mailing list