On Mon, Sep 01, 2025 at 05:57:41PM +0000, byteskeptical wrote: > Howdy misc, > > Following -current and have been affected by the recent yubico changes. > I use the yubikey slots to unlock my disk (FDE) at boot and the other > slot as my users's password. I'm not necessarily asking for a reversion > as I understand my use case may be in the miniority. I'm more interested > in first making sure that future changes won't lock me out of my > machine. I can still use the keyboard functionality at the disk unlock > prompt at boot but not at login with the existing changes. I don't mind > running a custom kernel so that's not an issue if this is not meant to > change.
I wouldn't mind either but the thing is one can't assume login_yubikey(8) will remain in base.[1] A good reason to keep it would be to allow ssh login from a machine where yubikey otp can be used. > I have however been using this setup for quite some time and this > episode has prompted a re-evaluation. I try to spend most of my > computing time on an OpenBSD box now a days so I'm interested in > finding a well (or better) supported alternative. Another vendor who claims that their products are compatible with the yubikey otp protocol is OnlyKey.[2] > I do use some of the other features like fido and have a set of auth > and signing keys loaded so these would be nice to haves but not deal > breakers. I was previously using a keydisk at boot but it's hard to > beat the form factor of the nano on a laptop and the convenience of > only have to worry about one usb device. Interested in community > suggestions or alternative setups proposals. Just for brevity the > convenience for my use case of having my user password tied to the > keyboard functionality is mainly in using the same as my access > password for my password manager making the obscene amount of times > I have to use it throughout my day a bit more bearable. > > > -- > All desire is the desire to be desired by the subject presumed to know. Footnotes: [1] See this on tech@: https://marc.info/?l=openbsd-tech&m=175520953330385&w=2 [2] See for example: https://onlykey.io/products/onlykey-duo-dual-usb-c-and-usb-a-security-key
