... | ... | @@ -195,6 +195,32 @@ yet. Google's Titan key was also an option but only supports 2FA (not |
|
|
OpenPGP or SSH), see the [other alternatives](#other-alternatives) section for more
|
|
|
details.
|
|
|
|
|
|
### My Yubikey squirts out an OTP code when I accidentally touch it
|
|
|
|
|
|
There are several ways to deal with this issue. Since we don't use Yubico OTP in
|
|
|
Tor, the easiest solution is to simply disable the OTP app on the USB interface.
|
|
|
|
|
|
First, ensure the Yubikey is inserted in one of your USB ports.
|
|
|
|
|
|
On the command-line, you can install the `yubikey-manager` package and run the
|
|
|
command below:
|
|
|
|
|
|
ykman config usb --disable otp
|
|
|
|
|
|
This program is also available with a GUI, installed with `yubikey-manager-qt`
|
|
|
on Debian-based systems. Installers for other platforms such as Windows and
|
|
|
MacOS can be downloaded from the [Yubico website download page](https://www.yubico.com/support/download/yubikey-manager/).
|
|
|
|
|
|
The procedure with the Yubikey Manager GUI is to open the program, click the
|
|
|
`Interfaces` tab, and under `USB`, uncheck `OTP` and click `Save interfaces`.
|
|
|
|
|
|
Once this is done, OTP will remain disabled until it's manually re-enabled.
|
|
|
|
|
|
If you want to conserve the ability to generate Yubico OTP codes, there are two
|
|
|
options: either disable sending the `<Enter>` character using `ykman otp
|
|
|
settings --no-enter 1`, or swap the OTP to slot 2, which requires a sustained
|
|
|
2-second touch to activate, with `ykman otp swap`.
|
|
|
|
|
|
## Pager playbook
|
|
|
|
|
|
<!-- information about common errors from the monitoring system and -->
|
... | ... | |