Issue(s): Yubikey OTP Functionality Not Working As Expected & Support on Ubuntu 18.04 Cannonical

Notes from the Field 1/31/2021

OnlyKey

• Purportedly works with Yubikey OTP & cross-platform

Actions Taken

Endeavored to configure for a variety of password managers. OnlyKey effectively works as an input driver (like a keyboard) except that input is driver by sequences on the OnlyKey number keys numbered 1-6)

Downloaded the PDF for firmware upgraded and successfully upgraded the firmware to Signed_OnlyKey_2_1_0_STD.txt

Read the User Manual for configuration for Password Vaults and applications

Functionality Tested & Working Now

• Worked with FIDO/U2F capability. Worked fine on Windows 10, did not work on Ubuntu 18.04, worked on Ubuntu 20.04. Not tested on macOS.
• OnlyKey software does not detect OnlyKey unless the key is removed, reinserted and even then, the software on OnlyKey Setup software on Linux does not work. Works fine on Windows 10.
• Simple username/password input works across all platforms tested [Windows, Linux, MacOS], which I would expect from an input driver.
• I did not test the FIDO/U2F capability on MacOS.

Issues Encountered

• Yubikey OTP does not work as described in the user manual for the following YubiKey
  Serial Number (Dec): 10249751

Key values were copied from YubiKey Personalization Tool to the OnlyKey Setup software, Advanced Tab, and entered the appropriate public, private and secret keys, to no avail. This was repeated and triple checked. Authentication fails. Authentication fails even when entering the key “de novo” within the Password Manager configuration interfaces per Yubico OTP setup. Simply doesn’t work.

• FIDO/U2F does not function on Ubuntu 18.04

Status

Currently using OnlyKey for desktop logon for several systems, now works well with Password Managers except for the issues mentioned above. Yubikey OTP issue precludes use with specific password managers that do not support FIDO/U2F. Seeking resolution for this issue, and a statement on support for Ubuntu 18.04 Canonical. Thank you.

D0c

@D0c Thanks for the detailed write up

• FIDO/U2F does not function on Ubuntu 18.04

We have lots of people that use OnlyKey for FIDO authentication on Ubuntu 18.04 so trying to understand what is different here, what browser are you attempting to use? How are you installing it i.e. Snap or DEB. Older versions of Firefox required manual setting change to enable U2F support. As I am sure you found installing the UDEV rule is required.

Yubikey OTP does not work as described

We also have lots of people that use OnlyKey for Yubikey OTP as well as use with Yubi cloud. What kind of issue are you seeing? Keep in mind you have to have a Yubikey with serial number to use Yubi cloud, and keep in mind Yubikey OTP is counter based so you can’t use multiple devices with same key as counter on one of the devices would be out of sync.

OnlyKey software does not detect OnlyKey unless the key is removed, reinserted and even then, the software on OnlyKey Setup software on Linux does not work

This sounds like there must be some kind of issue with Udev rule. OnlyKey is detected whenever device is attached by the app, if udev rule is not properly installed it will not be detected - Using OnlyKey with Linux | Docs

2 hints:

• Ubuntu - OnlyKey App - Please connect your OnlyKey - #9 by Mango_Mungo ~# apt install libu2f-udev

• Yubikey OTP with Yubi cloud sucks. Maybe Time-based One-time Passwords (TOTP) is an alternative. I use the TOTP from andOTP or FreeOTP+ with OnlyKey.
  Both apps at Free and Open Source (FOSS) software archive for Android