Override default path to local configuration. This also seems to be a better idea as the guide above says you should create your YubiKey configuration on an air-gapped (not connected to a network) machine. Posts: 349. Your token must have valid Yubico OTP configuration that is also. That's why the Personalization Tool says slot 1 is programmed. You may occasionally find that you want to move the Yubico OTP from its default location in Slot 1 to Slot 2. pre-commit-config. Find details on generating this file (which might also be called a YubiKey or Okta secrets file) from Programming YubiKeys for Okta Adaptive Multi. Use the YubiKey Personalization Tool to configure the two slots on your YubiKey on Microsoft Windows, macOS 10. The following versions: 2. xx) The YubiKey Personalization Tool; OtpKeyProv, the KeePass plugin that adds support for OATH-HOTP; Setup. 2 Enhancements to OpenPGP 3. United States. Download the YubiKey Personalization Tool. Click Save. Python library. Use ykman config usb for more granular control on YubiKey 5 and later. YubiKey Manager is a cross-platform tool; it runs on Windows, macOS, and Linux. Testing the Credential. The OTP is comprised of two major parts: the first 12 characters remain constant and represent the Public ID of the YubiKey device itself. Select Configure Certificates under the Certificates section. Linux users check lsusb -v in Terminal. Touch or NFC Authentication - Touch the YubiKey sensor or simply tap a YubiKey with NFC to a mobile phone that is NFC-enabled to store your credential on the YubiKey. Just added my Yubikey to my Microsoft Account URL "Passwordless Account" ON. Deletes the configuration stored in a slot. If the YubiKey menu option is already selected, click the three dots or the X on the upper right. For OATH you need the yubioath-desktop application and/or a mobile client: $ sudo dnf install -y yubioath-desktop Configuration of the YubiKey. The ssh-keygen command is a tool for creating new authentication key pairs for SSH. This command is generally used with YubiKeys prior to the 5 series. The YubiKey 5 Series Comparison Chart. When the Yubikey is plugged in, gpg-agent is properly running, and your terminal is setup with the correct SSH_AUTH_SOCK , you can get your SSH public key by running: $ ssh-add -L. I don't recommend using Yubikey for OTP, it can only store a limited number of passwords, I think 30. The packages in Debian Jessie are too old to support Yubikey 4. The next time you log on to the terminal, use YubiKey to log on. 15. The main mode of the YubiKey is entering a one time password (or a strong static password) by acting as a USB HID device, but there are things one can do with bi-directional communication: Configuration. Easy to implement. allowLastHID = "TRUE". These OTP configurations are stored in “OTP Slots”, and the user differentiates which slot to use by how long they touch the gold contact; a short touch (1 2. Interface. Step 2: In the YubiKey window, click Browse, locate the YubiKey seed file created in the previous section, click open and then click Upload Seed File. If you are running this from a non-Administrator account, you will be. Details and Configuration. Using a YubiKey to login to your computer. Help and tips if there are issues using the tool such as. The user is prompted to enter the current PIN, as well as the new PIN. Select slot 2. 5) Continue to configure the YubiKey as normal. USB-C support - Connect the YubiKey 5Ci or any USB-C type YubiKey. I’m using a Yubikey 5C on Arch Linux. For additional information on the tool read the relative manpage ( man pamu2fcfg ). Step 1: In the Windows Start menu, select Yubico > Login Configuration. Deploying the YubiKey 5 FIPS Series. You are now in admin mode for GPG and should see the following: 1 - change PIN. 9am - 5pm PST, Monday - Friday. DEV. Yubico Authenticator for Desktop (Windows, macOS and Linux) and Android. app-crypt/yubikey-manager aka ykman allows configuration of OTP, FIDO2, PIV, and enabling/disabling different interfaces (e. First, determine if your Yubikey is OATH-HOTP compatible. On the Export Private Key page, select Yes, export the private key. The YubiKey Manual – Usage, configuration and introduction of basic YubiKey concepts Web server API Validation Protocol Version 2. Resources. For each service you set up, have your spare YubiKey ready and add it right after the first one before moving to the next. OATH: FIPS 140-2 with YubiKey 5 FIPS Series. Reboot your computer into safe mode, delete the yubico for windows login tool, restart the computer. Launch the YubiKey Personalization Tool. Additional installation packages are available from third parties. "Setup YubiKey with iPads; Use OATH with the YubiKey; WebAuthn Compatibility; Using MFA Authenticator Codes with your YubiKey on Desktops; Using MFA Authenticator Codes with your Yubikey on Mobile Devices; Using YubiKeys with Azure MFA OATH-TOTP; Log on to your MFA Account with Yubico Authenticator; OATH Functionality with. You can use a YubiKey 5-series to protect data with secure access to computers. The secret key can then be entered into the token import CSV file used in To bulk upload OATH tokens. Insert your YubiKey into any USB slot on the machine you wish to use for encryption and launch the personalization tool. The code is shown next to the service’s identification, for example: Issuer (the name of the service). In a PAM configuration file if using {yubikey,u2f}-sufficient add an include line before or if using {yubikey,u2f}-required add it after a line that. Version 1. 2, it is a Triple-DES key, which means it is 24 bytes long. To set up multiple Yubikeys in one seed file when using the YubiKey Personalization Tool and setting the Yubico OTP select Advance and prior to selecting Write Configuration, Select Program Multiple YubiKeys. Select False if only the 12-character YubiKey ID will be used to authenticate the end-user. msc and click OK. Posts: 349. a. Unless using it to login to Windows (see Specify Configuration #2) or another OS 2FA access requiring Admin rights, this is abnormal, likely having nothing to do with the YubiKey or Yubico software themselves and is more likely a configuration issue/works as expected on the specific PC being used (especially since it's not replicated on another. Do one of the following. You can also use the tool to check the type and firmware of a YubiKey, or to perform batch programming of a large number of YubiKeys. Use the YubiKey Manager to configure FIDO2, OTP and PIV functionality on your YubiKey on Windows, macOS, and Linux operating systems. Post subject: Re: [QUESTION] reset a configuration w. Flexible – Support for time-based and counter-based code generation. Provides instructions on how to configure YubiKeys to work with YubiKey Windows Logon using the YubiKey Personalization Tool; best practices for. com Personalization Tool. 12, and Linux operating systems. Support Services. Describes how to use the YubiKey Personalization Tool application to configure your YubiKey for Yubico OTP, and then upload the AES key to the Yubico validation server. 2nd - confirm all the components are installed. Program an HMAC-SHA1 OATH-HOTP credential. Choose one of the. Select False if only the 12-character YubiKey ID will be used to authenticate the end-user. Click Applications → OTP. g. This guide will show you how to use the YubiKey Manager CLI (aka ykman) to set up each YubiKey application — see the YubiKey Manager Installation page for installation options. Works with any currently supported YubiKey. app-crypt/yubikey-manager aka ykman allows configuration of OTP, FIDO2, PIV, and enabling/disabling different interfaces (e. Go to Configuration → Self-Service → Multi-factor Authentication → Configuration tab → Yubikey Authenticator. exe file is saved. Insert the YubiKey into a USB port. Swapping Yubico OTP from Slot 1 to Slot 2. This includes certificates, keypairs, your PIV PIN, PUK, and Management Key. GUI tool. Make sure to save a duplicate of the QR. Click the link in the right pane «Edit policy setting». The user must be enrolled in Offline Access. 4. The Welcome page introduces the Yubico Login Configuration provisioning wizard: Step 3: Click Next. 14. In the SmartCard Pairing macOS prompt, click Pair. 4 Support. Select Change a Password from the options presented. Keep Yubico OTP selected on the "Select Credential Type" screen and click Next. Description: Manage connection modes (USB Interfaces). Convenient and portable: The YubiKey 5C fits easily on your keychain, making it convenient to carry and use wherever you go, ensuring secure access to your accounts at all times. Launch the Yubico Authenticator, and select the YubiKey menu option. Select Quick. The YubiKey Personalization Tool is a Qt based Cross-Platform utility designed to facilitate re-configuration of YubiKeys on Windows, Linux and Mac platforms. In the Yubikey configuration software, click “Static Password” along the top, and then click the “Advanced” button. Posted: Sun Aug 10, 2008 12:15 am . With the increasing. The image can be created with the nixos-generator tool and depending on the image copied onto a usb stick or executed. Click OATH-HOTP, then click Advanced. Generate self-signed certificates, anything can be used as subject. Posted: Sun Jan 29, 2017 10:57 am. 12, and Linux operating systems. Save the file to your desktop. Getting a biometric security key right. Using Yubico's personalization tools, the YubiKey Standard can be configured for use with Yubico One-Time Password (OTP), OATH-HOTP, HMAC-SHA1 Challenge-Response, and Static Password. This package was approved by moderator flcdrg on 16 Dec 2019. Keep your online accounts safe from hackers with the YubiKey. yubico. Step 4: The configurable items are:Yubico PIV Tool. Simply plug in via USB-C to authenticate. * and re-enabled them but forgot to update the configuration for slot. If you have overwritten this credential, you can use the YubiKey for YubiCloud Configuration Guide to program a new Yubico OTP credential and upload the credential to YubiCloud. This adds another security measure to prevent unwanted users connecting to your server. Display general status of the YubiKey OTP slots. After installing xrdp, verify the status of xrdp using systemctl: sudo systemctl status xrdp. The YubiKey code is nothing but a YubiKey passcode. Install the YubiKey Personalization Tool, if you have not already done so, and launch the program. 3 Related documentation YubiKey Configuration Utility – The Configuration Tool for the YubiKey The YubiKey Manual – Usage, configuration and introduction of basic conceptsBy using this tool you will destroy the AES key in your YubiKey. See full list on support. The key pairs are used for automating logins, single sign-on, and for authenticating hosts. Note that the tool will only read a single YubiKey at a time, so if you have multiple keys connected, it might not be evident. The YubiKey supports one-time passcodes (OTP) OTP supports protocols where a single use code is entered to provide authentication. Clicking the reset button wipes EVERYTHING related to the PIV module. Third party plugins can be discovered on GitHub for example. For convenience, I name my keys containing the YubiKey number and creation date. WARNING, ignoring step 1 is considered insecure, any user could just plugin a yubikey and gain root access! 2. Launch ykman CLI, ( 64-bit)Start the YubiKey Personalization Tool. Download and Install the YubiKey Manager tool:. Click the Write Configuration. These plug-ins enable you to integrate Yubico OTP support into existing systems. a. In other words, the component can be used by any programming languageLaunch the YubiKey Manager App and connect your YubiKey if it is not already connected. This guide uses version 3. Note: Some software such as GPG can lock the CCID USB interface, preventing another software from accessing applications that use that mode. After inserting your YubiKey into a USB port, start the YubiKey Personalization Tool. FIPS Level 1 vs FIPS Level 2. See Admin access for details on what these unlock. You will need to copy the device. In the password prompt, enter the password for the user account listed in the User Name field and click Pair. In the YubiKey Personalization Tool, select OATH-HOTP or OATH-HOTP Mode. It is not compatible with Windows on Arm (ARM32, ARM64) based. One way to do that is to use 2FA (Two Factor Authentication). It will show you the model, firmware version, and serial number of your YubiKey. I suspected they were problematic in 2. 2 – Open /etc/passwd and add to the end of it: <username>:<YubiKey token ID> where username is the name of user who is going to authorize with YubiKey, and YubiKey token ID is a user's YubiKey token identification, e. Once configuration is done, click "Write Configuration". While you're here, if you plan on using GPG with your Yubikey and are running. ykman piv generate-key 9a --algorithm ECCP256 /tmp/9a. 1st - confirm you are using a local account for your system. Under Configuration Slot, click Configuration Slot 1. This will allow you to simply insert one key, remove, then insert the next, repeatedly until all keys are programmed. Step 1. Post subject: Re: YubiKey could not be configured. AnyConnect will launch the system default browser with a redirect to Azure AD to authenticate. Open the YubiKey Personalization Tool. vmx configuration file. Along with GnuPG, we've installed a utility called gpg-agent which operates as a link between the YubiKey and the underlying GPG libraries. 1 are the most frequently downloaded ones by the program users. Step 3: Open a command prompt or PowerShell window and navigate to the directory where the Sign tool . 4. You can then add your YubiKey to your supported service provider or application. Yubico has declared end-of-life for the YubiKey Validation Server (YK-VAL) and YubiKey Key Storage Module (YK-KSM). The command must be of the format:. NFC) app-crypt/yubikey-manager-qt a GUI for app-crypt/yubikey-manager; sys-auth/yubico-piv-tool CLI-tool for PIV configuration; sys-auth/yubikey-personalization-gui aka ykinfo allows very low-level and batch. Yubikey personalization tool; To install these on Ubuntu 18. We have a range of computer login choices for organizations and individuals. Click Swap. Python library and command line tool for configuring any YubiKey over all USB interfaces. Slots configured with a Yubico OTP, OATH HOTP, or static password are activated by touching the YubiKey. a. Click the Tools tab at the top. Learn how you can set up your YubiKey and get started connecting to supported services and products. Then you will scan the QR code, with the Yubico Authenticator app, and then scan your YubiKey, to link the two. You CANNOT do that with the Yubikey Manager App provided by Yubikey. The image can be created with the nixos-generator tool and depending on the image copied onto a usb stick or executed. Azure AD CBA support with YubiKey on Android mobile is enabled via the latest MSAL and YubiKey Authenticator app is not a requirement for Android support. . ProxyJump allows a user to confidentially tunnel an SSH session through a central host with end-to-end encryption. Locate the checkbox labelled Dormant and ensure the box is not checked 8. Before you can enable the YubiKey integration as a multifactor authentication option, you need to obtain and upload a Configuration Secrets file generated through the YubiKey Personalization Tool. Summary. In certain modes, a YubiKey can be used to open a KeePass database, as described in the sections below. " button. yubikey-personalization. Locate the Configuration Protection section, and open the menu labelled “YubiKey(s) unprotected – Keep it that way”. Leave the QR code page open. Go to the startmenu and press the windows key -> Start > type devmgmt. The YubiKey Minidriver extends the support of the YubiKey on Windows from just authentication to allowing Windows to load and directly manage certificates on it. Post subject: Re: Help with Yubikey configuration tool. ykman fido credentials list [OPTIONS] ykman fido fingerprints [OPTIONS] COMMAND [ARGS]…. The tool. You should see the text Admin commands are allowed, and then finally, type: passwd. 1. U2F is an open authentication standard that enables keychain devices, mobile phones and other devices to securely access any number of web-based services — instantly and with no drivers or client software needed. The Yubikey Manager is a CLI tool for mainly managing your PIV = Personal Identity Verification storage, where you can store certificates and private keys. This guide uses version 3. In Yubico Authenticator for Android: Scan or insert your YubiKey, tap the triple-dot button, then tap Change password. change the second configuration. To protect the configuration of your YubiKey . FIDO: FIPS 140-2 with YubiKey 5 FIPS Series. Check to see if it can find your Yubikey: yubico-piv-tool -a list-readers; WIP; Yubikey with hidraw(4) usb driver. Configuring Yubikey Authenticator. usb. The YubiKey Authentication Module can validate the OTP against either its own Validation Server or against the Yubico Online Validation Service. See screenshot. Step 1: Go to your Microsoft account profile configuration page: authenticators YubiKey 5 Series. Popular Resources for BusinessNot wanting to remove Karabiner from my system, I decided I’d try to get the YubiKey app installed in a macOS VM. 1 Test Configuration with the Sudo Command. 9. 2 for offline authentication. For the Touch-Triggered OTP functions, the YubiKey can hold up to two different configurations. On a new YubiKey, Yubico OTP is preconfigured on slot 1. yubikey-personalization-gui. YubiKey 5 Series: Key Benefits Strong Authentication that Protects Against Phishing and Eliminates Account TakeoversDownload and install the YubiKey Personalization Tool. These OTP configurations are stored in “OTP Slots”, and the user differentiates which slot to use by how long they touch the gold contact; a short touch (1 2. . Log on the QR code realm to register the YubiKey device in the end-user's account. Site Admin: Joined: Wed May 28, 2008 7:04 pm Posts: 263 Location: Yubico base camp in Sweden - Now in Palo Alto I've just spent some time finding out if there is a Vista specific issue and from what I can see, everything is okay, at least here:These are in addition to the configuration available in the YubiKey 5 FIPS Series. Once the user has logged into his account, he can change the PIN of a YubiKey connected to his system as follows: Use Ctrl+Alt+Del to enter the lock screen. Configuration Configuring Your YubiKeys. ssh-keygen. CLI and C library. The attestation key (in slot F9) will be used to create an attestation statement (which is an X. For accounts managed by AD, the YubiKey enables authentication as a PIV-compliant smart card (Windows 7+, Microsoft Windows Server 2008 R2+). This guide will show you how to install it on Ubuntu 22. Open the Yubikey Personalization Tool. The YubiKey Manager (ykman) is a cross-platform application for managing and configuring a YubiKey via a graphical user interface (GUI) and a Python 3. 2023-10-19 21:12:01 UTC. Using a YubiKey to login to your computer. The YubiKey Manager supercedes the Yubico Personalization tool-- they both effectively do the same thing, the YubiKey Manager just has a much nicer GUI. pwSafe is an open source password manager for Mac OS X users that also comes with cloud backups, so you can securely back up your passwords online. The changes to the new Tool includes new features, improved user interface and, of course, a number of bug fixes. 14. 7 (or later) library and command line tool for configuring a YubiKey. where the first field is the serial number of the YubiKey token and the key material follows. This allows for an easy to use, easy to deploy scalable implementation of strong multi-factor authentication across an entire organization utilizing the native Windows tools and the. After inserting your YubiKey into a USB port, start the YubiKey Personalization Tool. Under Long Touch (Slot 2), click Configure. Built on Python, ykman was designed to provide a central and standardized platform for the automated initialization of YubiKeys, as well as the loading of cryptographic secrets onto the various supported functions. For typical usage, you will want to memorize the PIN, and keep a copy of the PUK and Management keys in a secure location. This can also be done using the YubiKey Manager command line interface. To apply an Access Code to a new configuration using the YubiKey Manager CLI, include the flag --access-code=<access code> in the OTP configuration string. This document will guide you through the set up and configuration process of the YubiKey Personalization Tool, programming of the YubiKeys, and output / extraction of the OTP secrets which need to. PUKs are a backup mechanism for recovering and resetting a locked Yubikey. Operating system and web browser support for FIDO2 and U2F. . Select the public certificate copied from YubiKey that is associated with the user’s account. Set Default Security Key Settings (Windows 11) As of the latest Windows Insider Build (Dev Channel), 23541. Yubico offers the phishing-resistant YubiKey for modern, multi-factor and passwordless authentication. If not already completed, configure a SecureAuth IdP Multi-Factor Authentication realm to generate QR codes. Organizations can decide which model works best for their application. The PAM module can utilize the HMAC-SHA1 Challenge-Response mode found in YubiKeys starting with version 2. - No need for complex on-premises deployments or network configuration. 5 seconds. This is a guide to using YubiKey as a SmartCard for storing GPG encryption, signing and authentication keys, which can also be used for SSH. Manage pin codes, configure FIDO2, OTP and PIV functionality, see firmware version and more. Joined: Thu Oct 16, 2014 3:44 pm. These fields include the following: private ID (48 bits) session usage counter (8 bits)Step 3: Identify the YubiKey slot number. Under Output Settings > Output Format, "Enter" should be in blue. sure the device does not have restricted access. For OATH you need the yubioath-desktop application and/or a mobile client: $ sudo dnf install -y yubioath-desktop Configuration of the YubiKey. But it is not possible to get back your old yubikey prefix if you decide to re-program your YubiKey. 509 mutual certificate based authentication takes place on the OpenVPN server. NOTE: While this selection is pre-configured for OTP, it will be easier for the end-user to use the YubiKey. ) security. We’ll use yubico-piv-tool to generate the keys on the YubiKey and edit the configuration, we’ll use ykman to reset the PIV data (optional), and then OpenSC and engine-pkcs11 to talk to the key, as well as OpenSSL to drive the whole thing and manipulate certificates. The first slot (ShortPress slot) is activated when the YubiKey is touched for 1 - 2. Press to test configuration の Test を押ます。 「Correct response!」が表示されれば成功です。 最後にYubiKey Logon が有効になっているか確認しておきましょう。 YubiKey Logon enabled(ボタン. Operating systems supported: Windows Linux The tool works with any YubiKey (except the Security Key). Tools of the trade. - GitHub - Yubico/yubikey-manager: Python library and command line tool for configuring any YubiKey over all USB interfaces. These instructions are for how to use the replacement tool, YubiKey Manager to configure the YubiKey. Once the assignment is complete, turn on YubiOn's two-factor authentication setting. The YubiKey Bio will appear here as YubiKey FIDO, and our Security Keys will show as "Security Key by Yubico". The Default page of Yubico Windows Login Configuration appears. But you can also configure all the other Yubikey features like FIDO and OTP. To enable the OTP interface again, go through the same steps again but. Should an exemption be obtained to deploy these devices with some interfaces disabled, the PID and iProduct values will be. Download ykman installers from: YubiKey Manager Releases. exe". 2. Make sure the application has the required permissions. You will need to select "Configuration Slot 1", and then click "Update. If you can’t see the card, you’re probably missing some smart card driver for your system. To find this slot number, you can use a tool called OpenSC. - Changed UI and design of Web site. This document will guide you through the set up and configuration process of the YubiKey Personalization Tool, programming YubiKeys, and the output / extraction of the OTP secrets which need to be uploaded to the Okta admin portal. Keep in mind serial numbers are unique across all models of YubiKeys, with the exception of Security Keys, which do not have serial numbers. Run the personalization tool. YubiKey Manager is a cross-platform tool; it runs on Windows, macOS, and Linux. The duration of touch determines which slot is used. In the Yubikey configuration software, click “Static Password” along the top, and then click the “Advanced” button. With it you may generate keys on the device, importing keys and certificates, and create certificate requests, and other operations. You should see YubiKey (Public ID: < public_id >) has been successfully configured along the top in green. Step 1: In Admin Dashboard, click Security>Multifactor>Factor Types>YubiKey>Active. Click on the Settings tab. Product documentation. The YubiKey 4 and the YubiKey 5 support not only RSA keys, but also Elliptic Curve Digital Signature Algorithm (ECDSA) keys. Executive Order (EO) 14028 and OMB memo M. Erases all keys and certificates stored on the device and sets it to the default PIN, PUK and management key. Instead of generating a key of 44 characters when you press the Yubikey, you can configure it to generate a 6 or 8 digits OTP code. msc and check the Smart card readers section . The tool works with any currently supported YubiKey. Download YubiKey Personalization Tool 3. Yubico Support: Knowledge base articles and answers to specific questions. Open YubiKey Manager. With the YubiKey configuration complete, you now can proceed to the Workiva setup steps. 10am - 4pm CET, Monday - Friday. Update the settings for a slot. For the Touch-Triggered OTP functions, the YubiKey can hold up to two different configurations. More powerful than ykman, but harder to use. Using the YubiKey Personalization Tool, you can program the YubiKeys and generate the secret key for each YubiKey. Incorrect configurations might lead to. A shared library and a command-line tool is included. These instructions are for how to use the replacement tool, YubiKey Manager to configure the YubiKey. 1. Click Generate to. A phone can get stolen, sold, infected by malware, have its storage read by a connected computer. Python 3. YubiKeys support multiple authentication protocols so you are able to use them across any tech stack, legacy or modern. Once YubiKey Manager has been downloaded, you can configure a static password using the following steps: Open YubiKey Manager. Device setup. Settings include: startup options, file management, entry management, user interface, language, security timeouts, and convenience. To run the tool, use Visual Studio Developer Command Prompt or Visual Studio Developer PowerShell. GUI tool. Personalization Tool > Settings. Click Quick. Attestation Key. In the section under Configuration Protection, click the arrow to display the list of options: 2. 6. g. Solution. " in YubiKey ManagerFor all YubiKeys, Yubico’s USB vendor ID (VID) is 0x1050. confClick the triple-dot button to open the menu and expand the section Set password. Yubico developer here, though speaking as an individual. 1 Encrypting File System”. ykpersonalize: Add -z flag to zap configuration on YubiKey. Introduction. com is using Yubico OTP functionality (Yubico AES). These are nearly functionally identical, but the key difference for the sake of this document is that Slot 2 requires you. The tool provides a same simple step-by-step approach to make configuration of YubiKeys easy to follow and understand, while still being powerful enough to exploit all functionality both. 6. Various types of aircraft are supported by the Configurator tool such as quadcopters, hexacopters, octocopters, and fixed-wing aircraft. NFC) app-crypt/yubikey-manager-qt a GUI for app-crypt/yubikey-manager; sys-auth/yubico-piv-tool CLI-tool for PIV configuration; sys-auth/yubikey-personalization-gui aka ykinfo allows very low-level. 2, it is a Triple-DES key, which means it is 24 bytes long. Reprogram a Yubikey to generate 6 or 8 digits OTP code. which means it'll be a new OTP configuration. g **ubbc0643451**004116861. 3) Append this modhex number to “ub:ubnu”. In the Configuration Protection section, select "YubiKey (s) Protected - Disable Protection". To enable remote control and configure client settings. $ sudo dnf install -y yubico-piv-tool-devel. Under Configuration Slot, select the slot you'll be using for Duo. Remove your YubiKey and plug it into the USB port. 0 and 1. Thanks.