On 8/29/19 1:49 AM, unman wrote:
> On Wed, Aug 28, 2019 at 09:01:46PM -1000, rec wins wrote:
>> On 5/27/19 6:09 AM, Stumpy wrote:
>>> I am trying to use an onlykey U2F but have run into some issues like it
>>> showing up in dom0 and sys-usb but seems like I can't use it.
>>>
>>> in sys-usb:
>>> [user@sys-usb ~]$ lsusb | grep Only
>>> Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor
>>> Authentication and Password Solution
>>>
>>> and in Dom0:
>>> [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb sys-usb:42
>>> sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc
>>> Device attach failed:
>>> [ralph@dom0 ~]$
>>>
>>> I decided to go with the chrome app but even though sys-usb seems to see
>>> the onlykey I can't seem to attach it to the chrome appvm I made?
>>>
>>
>>
>> so in dom0 you did
>> $qvm-usb
>>
>> get the BDM number and do
>>
>> $qvm-usb attach chromevm sys-usb:X-X
>>
>> U2F keys will work in chromium for google logins with no
>> complicated passthrough setup necessary
>>
>> OTP won't, if the key does more than U2F you may need to get a
>> configuration application for the key and make sure it's U2F only
>> slot 1, 2 etc
>>
>
> Have you looked at the qubes-u2f-proxy package?
> https://www.qubes-os.org/doc/u2f-proxy
>
> After installation in dom0 and the relevant template, you enable the
> service in the qube you want to use it in, and the device should then
> be available for use in that qube.
> You *don't* attach the USB device to the qube.
>
> Try that, and see how you get on.
>
> unman
>

attaching does work (only in chromium fwiw) even with the FF about:config
changes, though, apparently this isn't 'secure' so looking at the u2f
proxy at this point

Repeat qvm-service --enable (or do this in VM settings -> Services in the
Qube Manager) for all qubes that should have the proxy enabled. As usual
with software updates, shut down the templates after installation, then
restart sys-usb and all qubes that use the proxy. After that, you may use
your U2F token (but see Browser support below).

after installing the proxy in the templates and shutting them down, and
restarting the appVMs based on them..... there is No qvm-service to do
qvm-service --enable and/or what or where is this supposed to be
'repeated'?

"Repeat qvm-service --enable for all qubes that should have the proxy
enabled."

sure sounds like by "qubes" what is meant is the AppVMs or TBAVM or
whatever they are called now :)