Configure YubiKey Nano to not send key press automatically:
Assuming your YubiKey Nano is already actively sitting in a USB slot, ensure you have ‘ykpers’ RPM, to get the ykinfo
tool:
$> rpm -qf ``which ykinfo``
ykpers-1.18.0-2.fc26.x86_64
Run it to get all the information like active slots:
$> ykinfo -a
serial: 2816141
serial_hex: 2af88d
serial_modhex: dlvjjt
version: 2.4.3
touch_level: 2817
programming_sequence: 1
slot1_status: 1
slot2_status: 0
vendor_id: 1050
product_id: 10
The tool to configure YubiKey Nano to not automatically send the key is ykpersonalize
.
(NB: In my case above, the slot-1 was active, that’s why I chose “-1” below.)
Do a dry run of the magic incantation:
$> ykpersonalize -u -1 -o-append-cr -d
Firmware version 2.4.3 Touch level 2817 Program sequence 1
Configuration data to be updated in key configuration 1:
fixed: m:
uid: 000000000000
key: h:00000000000000000000000000000000
acc_code: h:000000000000
ticket_flags:
config_flags:
extended_flags: ALLOW_UPDATE
Commit? (y/n) [n]: y
Not writing anything to key due to dry_run requested.
Since the above works, now re-run, this time, without the dry-run option (-d):
$> ykpersonalize -u -1 -o-append-cr Firmware version 2.4.3 Touch
level 2817 Program sequence 1
Configuration data to be updated in key configuration 1:
fixed: m: uid: 000000000000 key: h:00000000000000000000000000000000
acc_code: h:000000000000 ticket_flags: config_flags: extended_flags:
ALLOW_UPDATE
$> echo $? 0
Test it by tapping the YubiKey Nano, now you shouldn’t see an automatic key press.