[qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
On 8/29/19 2:36 AM, Brendan Hoar wrote: > On Thu, Aug 29, 2019 at 3:02 AM rec wins > wrote: > >> >> OTP won't , if the key does more than U2F you may need to get a >> configuration application for the key and make sure it's U2F only >> slot 1 , 2 etc >> > > Yubikey OTP works through a keyboard-like HID, which are blacklisted by > default in Qubes. In order to directly attach a keyboard-like device to a > VM you have to override this setting. > > See: > https://www.qubes-os.org/doc/usb-qubes/#enable-a-usb-keyboard-for-login > > B > I could be wrong but I not sure you can use 1 key for both U2F and OTP , as I mentioned, you may need to use the developers software to disable one of them . If you disable everything but U2F then follow the Qubes Docs for U2F sort of defeats the purpose of an onlykey I imagine, I myself am using a U2F only yubikey , not OTP gave up on that long time ago -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/489a753d-27eb-1635-4e93-79767bead459%40riseup.net.
[qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
Le vendredi 30 août 2019 21:02:44 UTC+2, rec wins a écrit : > > On 8/30/19 2:40 AM, unman wrote: > > On Thu, Aug 29, 2019 at 08:58:33PM -1000, rec wins wrote: > >> On 8/29/19 1:49 AM, unman wrote: > >>> On Wed, Aug 28, 2019 at 09:01:46PM -1000, rec wins wrote: > On 5/27/19 6:09 AM, Stumpy wrote: > > I am trying to use an onlykey U2F but have run into some issues like > it > > showing up in dom0 and sys-usb but seems like i cant use it. > > > > in sys-usb: > > [user@sys-usb ~]$ lsusb | grep Only > > Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor > > Authentication and Password Solution > > > > and in Dom0: > > [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb > sys-usb:42 > > sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc > > Device attach failed: > > [ralph@dom0 ~]$ > > > > I decided to go with the chrome app but even though sys-usb seems to > see > > the onlykey I cant seem to attach it to the chrome appvm i made? > > > > > so in dom0 you did > $qvm-usb > > get the BDM number and do > > $qvm-usb attach chromevm sys-usb:X-X > > U2F keys will work in chromium for google logins with no > complicated passthrough setup necessary > > OTP won't , if the key does more than U2F you may need to get a > configuration application for the key and make sure it's U2F only > slot 1 , 2 etc > > >>> > >>> Have you looked at the qubes-u2f-proxy package? > >>> https://www.qubes-os.org/doc/u2f-proxy > >>> > >>> After installation in dom0 and the relevant template, you enable the > >>> service in the qube you want to use it in, and the device should then > >>> be available for use in that qube. > >>> You *dont* attach the USB device to the qube. > >>> > >>> Try that, and see how you get on. > >>> > >>> unman > >>> > >> > >> > >> attaching does work(only in chromium fwiw) even with the FF > about:config > >> changes, though, apparently this isn't 'secure' so > >> > >> looking at the u2f proxy at this point > >> > >> > >> Repeat qvm-service --enable (or do this in VM settings -> Services in > >> the Qube Manager) for all qubes that should have the proxy enabled. As > >> usual with software updates, shut down the templates after > installation, > >> then restart sys-usb and all qubes that use the proxy. After that, you > >> may use your U2F token (but see Browser support below). > >> > >> > >> after installing the proxy in the templates and shutting them down, and > >> restarting the appVMs based on them. there is No qvm-service to > >> do qvm-service --enable > >> > >> and/or what or where is this supposed to be 'repeated' ? > >> > >> "Repeat qvm-service --enable for all qubes that should have the proxy > >> enabled." > >> > >> sure sounds like by "qubes" what is meant is the AppVMs or TBAVM > or > >> whatever they are called now :) > >> > > "qube" is a "user friendly term for a VM" > > (https://www.qubes-os.org/doc/glossary;) > > > > qvm-service is a dom0 command line tool - you can also enable the > > service in the GUI interface as noted in the instructions. > > You enable the service for *each* qube where you want to use the proxy - > > that's the "repeat" part. > > Check the policy file in /etc/qubes-rpc/policy/ > > > > > OK seems to be operational now in FF , not sure what I was supposed to > see in /policy/ > > @dom0 ~]$ !529 > cat /etc/qubes-rpc/policy/u2f.Register > $anyvm sys-usb allow,user=root > > > u2f.Authenticate says the same > > > > Stumpy did you do this : > > https://docs.crp.to/qubes.html > > > need to keep the support organize or just gets too complicated IMO > or are you Sebastian please bottompost unman, awokd, brendan > are the ones to talk to > Could you post a step by step explanation ? Is your OnlyKey working simultaneously with U2F proxy AND as a keyboard in dom0 ? THX Sébastien -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4169554b-84e4-488e-ae8c-30501b1f1da0%40googlegroups.com.
Re: [qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
Le vendredi 30 août 2019 14:40:51 UTC+2, unman a écrit : > > On Thu, Aug 29, 2019 at 08:58:33PM -1000, rec wins wrote: > > On 8/29/19 1:49 AM, unman wrote: > > > On Wed, Aug 28, 2019 at 09:01:46PM -1000, rec wins wrote: > > >> On 5/27/19 6:09 AM, Stumpy wrote: > > >>> I am trying to use an onlykey U2F but have run into some issues like > it > > >>> showing up in dom0 and sys-usb but seems like i cant use it. > > >>> > > >>> in sys-usb: > > >>> [user@sys-usb ~]$ lsusb | grep Only > > >>> Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor > > >>> Authentication and Password Solution > > >>> > > >>> and in Dom0: > > >>> [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb > sys-usb:42 > > >>> sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc > > >>> Device attach failed: > > >>> [ralph@dom0 ~]$ > > >>> > > >>> I decided to go with the chrome app but even though sys-usb seems to > see > > >>> the onlykey I cant seem to attach it to the chrome appvm i made? > > >>> > > >> > > >> > > >> so in dom0 you did > > >> $qvm-usb > > >> > > >> get the BDM number and do > > >> > > >> $qvm-usb attach chromevm sys-usb:X-X > > >> > > >> U2F keys will work in chromium for google logins with no > > >> complicated passthrough setup necessary > > >> > > >> OTP won't , if the key does more than U2F you may need to get a > > >> configuration application for the key and make sure it's U2F only > > >> slot 1 , 2 etc > > >> > > > > > > Have you looked at the qubes-u2f-proxy package? > > > https://www.qubes-os.org/doc/u2f-proxy > > > > > > After installation in dom0 and the relevant template, you enable the > > > service in the qube you want to use it in, and the device should then > > > be available for use in that qube. > > > You *dont* attach the USB device to the qube. > > > > > > Try that, and see how you get on. > > > > > > unman > > > > > > > > > attaching does work(only in chromium fwiw) even with the FF about:config > > changes, though, apparently this isn't 'secure' so > > > > looking at the u2f proxy at this point > > > > > > Repeat qvm-service --enable (or do this in VM settings -> Services in > > the Qube Manager) for all qubes that should have the proxy enabled. As > > usual with software updates, shut down the templates after installation, > > then restart sys-usb and all qubes that use the proxy. After that, you > > may use your U2F token (but see Browser support below). > > > > > > after installing the proxy in the templates and shutting them down, and > > restarting the appVMs based on them. there is No qvm-service to > > do qvm-service --enable > > > > and/or what or where is this supposed to be 'repeated' ? > > > > "Repeat qvm-service --enable for all qubes that should have the proxy > > enabled." > > > > sure sounds like by "qubes" what is meant is the AppVMs or TBAVM or > > whatever they are called now :) > > > "qube" is a "user friendly term for a VM" > (https://www.qubes-os.org/doc/glossary;) > > qvm-service is a dom0 command line tool - you can also enable the > service in the GUI interface as noted in the instructions. > You enable the service for *each* qube where you want to use the proxy - > that's the "repeat" part. > Check the policy file in /etc/qubes-rpc/policy/ > U2F proxy not working for me, neither Chrome or FF. Directly attaching the Onlykey to the vm works for U2F but after detaching, Onlykey is no more a keyboard in dom0. I did : https://docs.crp.to/qubes.html Is : https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/master/49-onlykey.rules needed in sys-usb ? THX Sébastien -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/66c4a2a7-e6f1-4730-a180-f28edb17853d%40googlegroups.com.
Re: [qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
On Fri, Aug 30, 2019 at 09:02:33AM -1000, rec wins wrote: > On 8/30/19 2:40 AM, unman wrote: > > On Thu, Aug 29, 2019 at 08:58:33PM -1000, rec wins wrote: > >> On 8/29/19 1:49 AM, unman wrote: > >>> On Wed, Aug 28, 2019 at 09:01:46PM -1000, rec wins wrote: > On 5/27/19 6:09 AM, Stumpy wrote: > > I am trying to use an onlykey U2F but have run into some issues like it > > showing up in dom0 and sys-usb but seems like i cant use it. > > > > in sys-usb: > > [user@sys-usb ~]$ lsusb | grep Only > > Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor > > Authentication and Password Solution > > > > and in Dom0: > > [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb sys-usb:42 > > sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc > > Device attach failed: > > [ralph@dom0 ~]$ > > > > I decided to go with the chrome app but even though sys-usb seems to see > > the onlykey I cant seem to attach it to the chrome appvm i made? > > > > > so in dom0 you did > $qvm-usb > > get the BDM number and do > > $qvm-usb attach chromevm sys-usb:X-X > > U2F keys will work in chromium for google logins with no > complicated passthrough setup necessary > > OTP won't , if the key does more than U2F you may need to get a > configuration application for the key and make sure it's U2F only > slot 1 , 2 etc > > >>> > >>> Have you looked at the qubes-u2f-proxy package? > >>> https://www.qubes-os.org/doc/u2f-proxy > >>> > >>> After installation in dom0 and the relevant template, you enable the > >>> service in the qube you want to use it in, and the device should then > >>> be available for use in that qube. > >>> You *dont* attach the USB device to the qube. > >>> > >>> Try that, and see how you get on. > >>> > >>> unman > >>> > >> > >> > >> attaching does work(only in chromium fwiw) even with the FF about:config > >> changes, though, apparently this isn't 'secure' so > >> > >> looking at the u2f proxy at this point > >> > >> > >> Repeat qvm-service --enable (or do this in VM settings -> Services in > >> the Qube Manager) for all qubes that should have the proxy enabled. As > >> usual with software updates, shut down the templates after installation, > >> then restart sys-usb and all qubes that use the proxy. After that, you > >> may use your U2F token (but see Browser support below). > >> > >> > >> after installing the proxy in the templates and shutting them down, and > >> restarting the appVMs based on them. there is No qvm-service to > >> do qvm-service --enable > >> > >> and/or what or where is this supposed to be 'repeated' ? > >> > >> "Repeat qvm-service --enable for all qubes that should have the proxy > >> enabled." > >> > >> sure sounds like by "qubes" what is meant is the AppVMs or TBAVM or > >> whatever they are called now :) > >> > > "qube" is a "user friendly term for a VM" > > (https://www.qubes-os.org/doc/glossary;) > > > > qvm-service is a dom0 command line tool - you can also enable the > > service in the GUI interface as noted in the instructions. > > You enable the service for *each* qube where you want to use the proxy - > > that's the "repeat" part. > > Check the policy file in /etc/qubes-rpc/policy/ > > > > > OK seems to be operational now in FF , not sure what I was supposed to > see in /policy/ > > @dom0 ~]$ !529 > cat /etc/qubes-rpc/policy/u2f.Register > $anyvm sys-usb allow,user=root > > > u2f.Authenticate says the same > You can configure the policy file so that individual *keys* are tied to specific qubes, rather than all being available everywhere the proxy is enabled.. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190830235001.GA23307%40thirdeyesecurity.org.
[qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
On 8/30/19 2:40 AM, unman wrote: > On Thu, Aug 29, 2019 at 08:58:33PM -1000, rec wins wrote: >> On 8/29/19 1:49 AM, unman wrote: >>> On Wed, Aug 28, 2019 at 09:01:46PM -1000, rec wins wrote: On 5/27/19 6:09 AM, Stumpy wrote: > I am trying to use an onlykey U2F but have run into some issues like it > showing up in dom0 and sys-usb but seems like i cant use it. > > in sys-usb: > [user@sys-usb ~]$ lsusb | grep Only > Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor > Authentication and Password Solution > > and in Dom0: > [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb sys-usb:42 > sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc > Device attach failed: > [ralph@dom0 ~]$ > > I decided to go with the chrome app but even though sys-usb seems to see > the onlykey I cant seem to attach it to the chrome appvm i made? > so in dom0 you did $qvm-usb get the BDM number and do $qvm-usb attach chromevm sys-usb:X-X U2F keys will work in chromium for google logins with no complicated passthrough setup necessary OTP won't , if the key does more than U2F you may need to get a configuration application for the key and make sure it's U2F only slot 1 , 2 etc >>> >>> Have you looked at the qubes-u2f-proxy package? >>> https://www.qubes-os.org/doc/u2f-proxy >>> >>> After installation in dom0 and the relevant template, you enable the >>> service in the qube you want to use it in, and the device should then >>> be available for use in that qube. >>> You *dont* attach the USB device to the qube. >>> >>> Try that, and see how you get on. >>> >>> unman >>> >> >> >> attaching does work(only in chromium fwiw) even with the FF about:config >> changes, though, apparently this isn't 'secure' so >> >> looking at the u2f proxy at this point >> >> >> Repeat qvm-service --enable (or do this in VM settings -> Services in >> the Qube Manager) for all qubes that should have the proxy enabled. As >> usual with software updates, shut down the templates after installation, >> then restart sys-usb and all qubes that use the proxy. After that, you >> may use your U2F token (but see Browser support below). >> >> >> after installing the proxy in the templates and shutting them down, and >> restarting the appVMs based on them. there is No qvm-service to >> do qvm-service --enable >> >> and/or what or where is this supposed to be 'repeated' ? >> >> "Repeat qvm-service --enable for all qubes that should have the proxy >> enabled." >> >> sure sounds like by "qubes" what is meant is the AppVMs or TBAVM or >> whatever they are called now :) >> > "qube" is a "user friendly term for a VM" > (https://www.qubes-os.org/doc/glossary;) > > qvm-service is a dom0 command line tool - you can also enable the > service in the GUI interface as noted in the instructions. > You enable the service for *each* qube where you want to use the proxy - > that's the "repeat" part. > Check the policy file in /etc/qubes-rpc/policy/ > OK seems to be operational now in FF , not sure what I was supposed to see in /policy/ @dom0 ~]$ !529 cat /etc/qubes-rpc/policy/u2f.Register $anyvm sys-usb allow,user=root u2f.Authenticate says the same Stumpy did you do this : https://docs.crp.to/qubes.html need to keep the support organize or just gets too complicated IMO or are you Sebastian please bottompost unman, awokd, brendan are the ones to talk to -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8cd4a8bc-4643-b539-8650-53d4eb43d6e6%40riseup.net.
Re: [qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
On Thu, Aug 29, 2019 at 08:58:33PM -1000, rec wins wrote: > On 8/29/19 1:49 AM, unman wrote: > > On Wed, Aug 28, 2019 at 09:01:46PM -1000, rec wins wrote: > >> On 5/27/19 6:09 AM, Stumpy wrote: > >>> I am trying to use an onlykey U2F but have run into some issues like it > >>> showing up in dom0 and sys-usb but seems like i cant use it. > >>> > >>> in sys-usb: > >>> [user@sys-usb ~]$ lsusb | grep Only > >>> Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor > >>> Authentication and Password Solution > >>> > >>> and in Dom0: > >>> [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb sys-usb:42 > >>> sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc > >>> Device attach failed: > >>> [ralph@dom0 ~]$ > >>> > >>> I decided to go with the chrome app but even though sys-usb seems to see > >>> the onlykey I cant seem to attach it to the chrome appvm i made? > >>> > >> > >> > >> so in dom0 you did > >> $qvm-usb > >> > >> get the BDM number and do > >> > >> $qvm-usb attach chromevm sys-usb:X-X > >> > >> U2F keys will work in chromium for google logins with no > >> complicated passthrough setup necessary > >> > >> OTP won't , if the key does more than U2F you may need to get a > >> configuration application for the key and make sure it's U2F only > >> slot 1 , 2 etc > >> > > > > Have you looked at the qubes-u2f-proxy package? > > https://www.qubes-os.org/doc/u2f-proxy > > > > After installation in dom0 and the relevant template, you enable the > > service in the qube you want to use it in, and the device should then > > be available for use in that qube. > > You *dont* attach the USB device to the qube. > > > > Try that, and see how you get on. > > > > unman > > > > > attaching does work(only in chromium fwiw) even with the FF about:config > changes, though, apparently this isn't 'secure' so > > looking at the u2f proxy at this point > > > Repeat qvm-service --enable (or do this in VM settings -> Services in > the Qube Manager) for all qubes that should have the proxy enabled. As > usual with software updates, shut down the templates after installation, > then restart sys-usb and all qubes that use the proxy. After that, you > may use your U2F token (but see Browser support below). > > > after installing the proxy in the templates and shutting them down, and > restarting the appVMs based on them. there is No qvm-service to > do qvm-service --enable > > and/or what or where is this supposed to be 'repeated' ? > > "Repeat qvm-service --enable for all qubes that should have the proxy > enabled." > > sure sounds like by "qubes" what is meant is the AppVMs or TBAVM or > whatever they are called now :) > "qube" is a "user friendly term for a VM" (https://www.qubes-os.org/doc/glossary;) qvm-service is a dom0 command line tool - you can also enable the service in the GUI interface as noted in the instructions. You enable the service for *each* qube where you want to use the proxy - that's the "repeat" part. Check the policy file in /etc/qubes-rpc/policy/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190830124047.GA12823%40thirdeyesecurity.org.
[qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
On 8/29/19 1:49 AM, unman wrote: > On Wed, Aug 28, 2019 at 09:01:46PM -1000, rec wins wrote: >> On 5/27/19 6:09 AM, Stumpy wrote: >>> I am trying to use an onlykey U2F but have run into some issues like it >>> showing up in dom0 and sys-usb but seems like i cant use it. >>> >>> in sys-usb: >>> [user@sys-usb ~]$ lsusb | grep Only >>> Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor >>> Authentication and Password Solution >>> >>> and in Dom0: >>> [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb sys-usb:42 >>> sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc >>> Device attach failed: >>> [ralph@dom0 ~]$ >>> >>> I decided to go with the chrome app but even though sys-usb seems to see >>> the onlykey I cant seem to attach it to the chrome appvm i made? >>> >> >> >> so in dom0 you did >> $qvm-usb >> >> get the BDM number and do >> >> $qvm-usb attach chromevm sys-usb:X-X >> >> U2F keys will work in chromium for google logins with no >> complicated passthrough setup necessary >> >> OTP won't , if the key does more than U2F you may need to get a >> configuration application for the key and make sure it's U2F only >> slot 1 , 2 etc >> > > Have you looked at the qubes-u2f-proxy package? > https://www.qubes-os.org/doc/u2f-proxy > > After installation in dom0 and the relevant template, you enable the > service in the qube you want to use it in, and the device should then > be available for use in that qube. > You *dont* attach the USB device to the qube. > > Try that, and see how you get on. > > unman > attaching does work(only in chromium fwiw) even with the FF about:config changes, though, apparently this isn't 'secure' so looking at the u2f proxy at this point Repeat qvm-service --enable (or do this in VM settings -> Services in the Qube Manager) for all qubes that should have the proxy enabled. As usual with software updates, shut down the templates after installation, then restart sys-usb and all qubes that use the proxy. After that, you may use your U2F token (but see Browser support below). after installing the proxy in the templates and shutting them down, and restarting the appVMs based on them. there is No qvm-service to do qvm-service --enable and/or what or where is this supposed to be 'repeated' ? "Repeat qvm-service --enable for all qubes that should have the proxy enabled." sure sounds like by "qubes" what is meant is the AppVMs or TBAVM or whatever they are called now :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0b048746-8ec2-f582-3673-f47bc1373c99%40riseup.net.
Re: [qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
On Thu, Aug 29, 2019 at 3:02 AM rec wins wrote: > > OTP won't , if the key does more than U2F you may need to get a > configuration application for the key and make sure it's U2F only > slot 1 , 2 etc > Yubikey OTP works through a keyboard-like HID, which are blacklisted by default in Qubes. In order to directly attach a keyboard-like device to a VM you have to override this setting. See: https://www.qubes-os.org/doc/usb-qubes/#enable-a-usb-keyboard-for-login B -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOajFedSWU1%2BTqk74Y%3DwjeSTV7kDgWnpPJXdr-LHRqQzOA8e_w%40mail.gmail.com.
Re: [qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
On Wed, Aug 28, 2019 at 09:01:46PM -1000, rec wins wrote: > On 5/27/19 6:09 AM, Stumpy wrote: > > I am trying to use an onlykey U2F but have run into some issues like it > > showing up in dom0 and sys-usb but seems like i cant use it. > > > > in sys-usb: > > [user@sys-usb ~]$ lsusb | grep Only > > Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor > > Authentication and Password Solution > > > > and in Dom0: > > [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb sys-usb:42 > > sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc > > Device attach failed: > > [ralph@dom0 ~]$ > > > > I decided to go with the chrome app but even though sys-usb seems to see > > the onlykey I cant seem to attach it to the chrome appvm i made? > > > > > so in dom0 you did > $qvm-usb > > get the BDM number and do > > $qvm-usb attach chromevm sys-usb:X-X > > U2F keys will work in chromium for google logins with no > complicated passthrough setup necessary > > OTP won't , if the key does more than U2F you may need to get a > configuration application for the key and make sure it's U2F only > slot 1 , 2 etc > Have you looked at the qubes-u2f-proxy package? https://www.qubes-os.org/doc/u2f-proxy After installation in dom0 and the relevant template, you enable the service in the qube you want to use it in, and the device should then be available for use in that qube. You *dont* attach the USB device to the qube. Try that, and see how you get on. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190829114936.GA8218%40thirdeyesecurity.org.
[qubes-users] Re: Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0
On 5/27/19 6:09 AM, Stumpy wrote: > I am trying to use an onlykey U2F but have run into some issues like it > showing up in dom0 and sys-usb but seems like i cant use it. > > in sys-usb: > [user@sys-usb ~]$ lsusb | grep Only > Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor > Authentication and Password Solution > > and in Dom0: > [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb sys-usb:42 > sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc > Device attach failed: > [ralph@dom0 ~]$ > > I decided to go with the chrome app but even though sys-usb seems to see > the onlykey I cant seem to attach it to the chrome appvm i made? > so in dom0 you did $qvm-usb get the BDM number and do $qvm-usb attach chromevm sys-usb:X-X U2F keys will work in chromium for google logins with no complicated passthrough setup necessary OTP won't , if the key does more than U2F you may need to get a configuration application for the key and make sure it's U2F only slot 1 , 2 etc -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fd0e81b4-68a9-b977-0966-de4df579764a%40riseup.net.