Hello, After upgrading to OpenBSD 7.8, the Yubikey OTP "insert key and press the button" functionality no longer works in OpenBSD because it no longer attaches as a keyboard:
https://cvsweb.openbsd.org/src/sys/dev/usb/ukbd.c?rev=1.91&ipk=jmoO719Mg1QImIC-UsGwegP2ZCM7IeAUQC-ZGChv3ic&content-type=text/x-cvsweb-markup I don't see Yubico updating their tools anytime soon, so... After a suggestion from mischief in IRC, I realized I could use usbhidctl to get the data upon pressing the button. Oddly enough, for some reason on my system the data seems to be buffered (when in a pipeline) and the script doesn't produce output until I unplug the device, whereupon I get an error message, but at least I also get the OTP. After finding your uhid number for the Yubikey by looking at dmesg output, here's the sed script I wrote to extract the OTP upon pressing the button (and removal of device due to buffering I'm encountering): $ doas usbhidctl -f 0 -l | \ sed -n -e ' s/^Keyboard\.Keyboard_\([a-z]\)_and_[A-Z]=1.*/\1/p /^Keyboard\.Keyboard_Return_(ENTER)=1.*/q' | \ tr -d \\n | (cat ; echo) # after the light finishes flickering, unplug usbhidctl: Device read error: Input/output error ccccccggjkgvginjgkbudjfcljljedtrjvvllcekrdfd mischief had a different approach using awk: $ doas usbhidctl -f 0 -l | \ awk ' BEGIN { key = "" } /\.Keyboard.*\[0\]/ { split($1, spl, "_") if (spl[2] != "Return") { key = key spl[2] } else { print(key) fflush() key = "" } }' # again I have to unplug after light is done flickering usbhidctl: Device read error: Input/output error ccccccggjkgvcebfgkudntibllfdfrerhbderluhijvi The script can be stripped of newlines to make a nice one-liner. I'm not sure why the data gets buffered when usbhidctl is used in a pipeline. Even "usbhidctl -f 0 -l | tee /dev/tty" seems to only output all but the last three chunks of data necessary to output a complete OTP until I unplug the device. Enjoy. Andy
