mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-07 07:26:13 -05:00
doc: cookbook: Document the configuration of a Yubikey with KeePassXC.
* doc/guix-cookbook.texi (Using security keys) [Requiring a Yubikey to open a KeePassXC database]: New subsection.

Series-to: 65354@debbugs.gnu.org
parent
4e531e55dc
commit
c221d3e962
1 changed files with 45 additions and 0 deletions
|
@ -2158,6 +2158,51 @@ the @code{yubikey-manager-qt} package and either wholly disable the
|
||||||
@samp{Applications -> OTP} view, delete the slot 1 configuration, which
|
@samp{Applications -> OTP} view, delete the slot 1 configuration, which
|
||||||
comes pre-configured with the Yubico OTP application.
|
comes pre-configured with the Yubico OTP application.
|
||||||
|
|
||||||
|
@subsection Requiring a Yubikey to open a KeePassXC database
|
||||||
|
@cindex yubikey, keepassxc integration
|
||||||
|
The KeePassXC password manager application has support for Yubikeys, but
|
||||||
|
it requires installing a udev rules for your Guix System and some
|
||||||
|
configuration of the Yubico OTP application on the key.
|
||||||
|
|
||||||
|
The necessary udev rules file comes from the
|
||||||
|
@code{yubikey-personalization} package, and can be installed like:
|
||||||
|
|
||||||
|
@lisp
|
||||||
|
(use-package-modules ... security-token ...)
|
||||||
|
...
|
||||||
|
(operating-system
|
||||||
|
...
|
||||||
|
(services
|
||||||
|
(cons*
|
||||||
|
...
|
||||||
|
(udev-rules-service 'yubikey yubikey-personalization))))
|
||||||
|
@end lisp
|
||||||
|
|
||||||
|
After reconfiguring your system (and reconnecting your Yubikey), you'll
|
||||||
|
then want to configure the OTP challenge/response application of your
|
||||||
|
Yubikey on its slot 2, which is what KeePassXC uses. It's easy to do so
|
||||||
|
via the Yubikey Manager graphical configuration tool, which can be
|
||||||
|
invoked with:
|
||||||
|
|
||||||
|
@example
|
||||||
|
guix shell yubikey-manager-qt -- ykman-gui
|
||||||
|
@end example
|
||||||
|
|
||||||
|
First, ensure @samp{OTP} is enabled under the @samp{Interfaces} tab,
|
||||||
|
then navigate to @samp{Applications -> OTP}, and click the
|
||||||
|
@samp{Configure} button under the @samp{Long Touch (Slot 2)} section.
|
||||||
|
Select @samp{Challenge-response}, input or generate a secret key, and
|
||||||
|
click the @samp{Finish} button. If you have a second Yubikey you'd like
|
||||||
|
to use as a backup, you should configure it the same way, using the
|
||||||
|
@emph{same} secret key.
|
||||||
|
|
||||||
|
Your Yubikey should now be detected by KeePassXC. It can be added to a
|
||||||
|
database by navigating to KeePassXC's @samp{Database -> Database
|
||||||
|
Security...} menu, then clicking the @samp{Add additional
|
||||||
|
protection...} button, then @samp{Add Challenge-Response}, selecting the
|
||||||
|
security key from the drop-down menu and clicking the @samp{OK} button
|
||||||
|
to complete the setup.
|
||||||
|
|
||||||
@node Dynamic DNS mcron job
|
@node Dynamic DNS mcron job
|
||||||
@section Dynamic DNS mcron job
|
@section Dynamic DNS mcron job
|
||||||
|
|
||||||
|
|
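Review bot: In the "Long Touch (Slot 2)" paragraph, the reader is told to "input or generate a secret key" and click "Finish", and only the sentence after that says a backup Yubikey must be configured with the same secret key; nothing tells them to record a generated secret before finishing. Suggest saying up front that the secret should be saved somewhere safe when a second key will be set up, or moving the backup sentence ahead of the "Finish" step. Minor wording point in the opening paragraph: "it requires installing a udev rules" would read better as "it requires installing udev rules" or "a udev rules file", which matches the phrasing of the next paragraph.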