On Friday, 30 August 2019 at 14:40:51 UTC+2, unman wrote:
>
> On Thu, Aug 29, 2019 at 08:58:33PM -1000, rec wins wrote: 
> > On 8/29/19 1:49 AM, unman wrote: 
> > > On Wed, Aug 28, 2019 at 09:01:46PM -1000, rec wins wrote: 
> > >> On 5/27/19 6:09 AM, Stumpy wrote: 
> > >>> I am trying to use an onlykey U2F but have run into some issues like it
> > >>> showing up in dom0 and sys-usb but seems like I can't use it.
> > >>> 
> > >>> in sys-usb: 
> > >>> [user@sys-usb ~]$ lsusb | grep Only 
> > >>> Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor Authentication and Password Solution
> > >>> 
> > >>> and in Dom0: 
> > >>> [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb sys-usb:42
> > >>> sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc 
> > >>> Device attach failed: 
> > >>> [ralph@dom0 ~]$ 
> > >>> 
> > >>> I decided to go with the chrome app but even though sys-usb seems to see
> > >>> the onlykey I can't seem to attach it to the chrome appvm I made?
> > >>> 
> > >>          
> > >> 
> > >> so in dom0  you did 
> > >> $qvm-usb 
> > >> 
> > >> get the BDM number and do 
> > >> 
> > >> $qvm-usb attach chromevm sys-usb:X-X 
> > >> 
> > >> U2F  keys will work in chromium  for  google logins  with  no 
> > >> complicated  passthrough setup necessary 
> > >> 
> > >> OTP won't ,  if the key does  more than U2F  you may need to  get  a 
> > >> configuration application for the key  and  make sure it's  U2F  only 
> > >> slot 1  , 2  etc 
> > >> 
> > > 
> > > Have you looked at the qubes-u2f-proxy package? 
> > > https://www.qubes-os.org/doc/u2f-proxy 
> > > 
> > > After installation in dom0 and the relevant template, you enable the 
> > > service in the qube you want to use it in, and the device should then 
> > > be available for use in that qube. 
> > > You *don't* attach the USB device to the qube.
> > > 
> > > Try that, and see how you get on. 
> > > 
> > > unman 
> > > 
> > 
> > 
> > attaching does work(only in chromium fwiw) even with the FF about:config 
> > changes,  though,  apparently  this isn't  'secure'  so 
> > 
> > looking at the u2f proxy  at this point 
> > 
> > 
> > Repeat qvm-service --enable (or do this in VM settings -> Services in 
> > the Qube Manager) for all qubes that should have the proxy enabled. As 
> > usual with software updates, shut down the templates after installation, 
> > then restart sys-usb and all qubes that use the proxy. After that, you 
> > may use your U2F token (but see Browser support below). 
> > 
> > 
> > after installing the proxy in the templates and shutting them down, and 
> > restarting the appVMs  based on them..... there is No   qvm-service  to 
> > do  qvm-service --enable 
> > 
> > and/or  what or where is this supposed to be  'repeated' ? 
> > 
> > "Repeat qvm-service --enable for all qubes that should have the proxy 
> > enabled." 
> > 
> > sure sounds like  by "qubes" what is meant is the  AppVMs  or  TBAVM  or 
> > whatever they are called now :) 
> > 
> "qube" is a "user friendly term for a VM" 
> (https://www.qubes-os.org/doc/glossary)
>
> qvm-service is a dom0 command line tool - you can also enable the 
> service in the GUI interface as noted in the instructions. 
> You enable the service for *each* qube where you want to use the proxy - 
> that's the "repeat" part. 
> Check the policy file in /etc/qubes-rpc/policy/ 
>

U2F proxy not working for me, neither Chrome nor FF.

Directly attaching the Onlykey to the vm works for U2F but after
detaching, Onlykey is no longer a keyboard in dom0.

I did:

https://docs.crp.to/qubes.html

Is
https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/master/49-onlykey.rules
needed in sys-usb?

THX
Sébastien
