Description of problem: When I specify an account on the command line, I have to touch the Yubikey twice before a one-time passcode is generated. Once is enough, thanks. Version-Release number of selected component: 1.1.1-1.fc37 How reproducible: seems deterministic so far Steps to Reproduce: 1: ykocli totp foo The prompt "Touch your YubiKey..." is displayed and the Yubikey blinks. 2: Touch the Yubikey. The prompt "Touch your YubiKey..." is displayed a second time and the Yubikey blinks. 3: Touch the Yubikey again. Actual results: After the second time I touch the Yubikey, a one-time passcode is generated: Entry Foo has been selected TOTP token 123456 is now in the clipboard Expected results: It should be enough to touch the Yubikey once. Yubioath-desktop never asked me to do it twice.
I'll take a look at that. I have never configured my yubikeys to require a touch for a totp code. Curious, why you would configure your yubikey to require a touch for that....
*** Bug 2162898 has been marked as a duplicate of this bug. ***
(In reply to Gerald Cox from comment #1) > Curious, why you would configure your yubikey to > require a touch for that.... To prevent malware from generating codes at will, of course. If I wouldn't require touch, then there would be no practical difference from storing the secret on an ordinary disk, SSD, USB memory or whatever. Then I could just as well use Pass-OTP or some simple script around Oathtool, and not bother with the Yubikey.
FEDORA-2023-d27c76f394 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-d27c76f394
FEDORA-2023-d27c76f394 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
According to yubico, once your secret is on the key, it's safe. It can't be extracted. So that's a big difference. As far as the touch option itself, the default is "no touch". I suppose an attack is theoretically possible, but IMO for the vast majority of users, the convenience of no-touch outweighs the risk of not having it - and apparently yubico believes the same since that is the default. That said, I agree it's a good capability to add. Thanks for recommending.
FEDORA-2023-e2e6e622af has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-e2e6e622af
FEDORA-2023-208b0260aa has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-208b0260aa
FEDORA-2023-208b0260aa has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-208b0260aa` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-208b0260aa See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-cdf5d80cbb has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-cdf5d80cbb` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-cdf5d80cbb See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-cdf5d80cbb has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.