From unknown Sat Aug 16 22:46:40 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#64882] [PATCH] doc: cookbook: Document how to disable the Yubikey OTP application. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 26 Jul 2023 19:59:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 64882 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 64882@debbugs.gnu.org, maxim.cournoyer@gmail.com X-Debbugs-Original-To: guix-patches@gnu.org, maxim.cournoyer@gmail.com Received: via spool by submit@debbugs.gnu.org id=B.16904014908522 (code B ref -1); Wed, 26 Jul 2023 19:59:01 +0000 Received: (at submit) by debbugs.gnu.org; 26 Jul 2023 19:58:10 +0000 Received: from localhost ([127.0.0.1]:50126 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qOke9-0002DO-Nz for submit@debbugs.gnu.org; Wed, 26 Jul 2023 15:58:10 -0400 Received: from lists.gnu.org ([2001:470:142::17]:60180) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qOke8-0002DA-04 for submit@debbugs.gnu.org; Wed, 26 Jul 2023 15:58:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qOke2-000187-8L for guix-patches@gnu.org; Wed, 26 Jul 2023 15:58:02 -0400 Received: from mail-qk1-x735.google.com ([2607:f8b0:4864:20::735]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qOke0-0002qT-QA for guix-patches@gnu.org; Wed, 26 Jul 2023 15:58:02 -0400 Received: by mail-qk1-x735.google.com with SMTP id af79cd13be357-765942d497fso14572285a.1 for ; Wed, 26 Jul 2023 12:58:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690401478; x=1691006278; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=69x4TKm470yLKS1aI0O/XBbl46ZnBrUdowPjXI9OXXw=; b=gQmISL26kdVcBYtx3lnUGPKggCor8D53SflxDWEYUMBJERPk/S+z4rDe8QIyul3x96 HvpRTNFtOMXzMXKlGYW0wZG+sc9gokDMWrcQwjbai5CzXDEYNU5X9svYw/jtckZoigZU JcaYRjkOFxdQlzhSqSpn16qZ7pQEWO7p8RpoSj4Vd4T1WZZTdjnoF+z1ZpiNl4CW8ZmS cGYWy/j43tzVqaULFistmGg0mqlav8lh4PUfMRBBwTtQODcoWJF/STA+rh28ZOTMn553 PZDWYytFWkx45fjCySKnljE6Iqn3bVP82oZS1tijTuzvBk1g12DSHO5p0A3BdA1fgkJj +VJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690401478; x=1691006278; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=69x4TKm470yLKS1aI0O/XBbl46ZnBrUdowPjXI9OXXw=; b=elC038Qfl4HH4c9jx/vbEWxPgJQ0wDILU7FJOcm7FQkJvQtqlaB1z1vFbxhrYuOrb4 /x/x5QFCF4yTZTPORYv8yjZJxc+alzp8CmBvoI5Q9B1VSf4j9LesBot/vhNvv+v0cB56 +Flo6N0Uh5ggM13zCl0zIn6Uz0JxaRWs02BThXnjaSKULPTZJoOL0BUguu8/S+ioY2vt zvB0QJjKVHOdpIKtn4acZHMZgRccEwOPVEeO8q5/5h8HkQGWipAQCtsaXSfBj6MfeKkq r3yI3+HFs1YhJXzM13v3IMeDSKRGV+Ct9BnV+4K2RZisLFQhroMSqwcUqwVs7IFfCbmW K1Yg== X-Gm-Message-State: ABy/qLb+YpohdBW6ljzcx4FWo0mSOt19wsm+SOXR04gwyMfgkL3vBH5Z +QV3dbk1ANx8cGHww2PHNcqs0p151heVDw== X-Google-Smtp-Source: APBJJlFYnhiwnJAKToXaTgdKgbdNJDnfeDP92NQ6w+9rjrhrA/YTWwSGpcTB/gIBq/9K5tWSEjghIQ== X-Received: by 2002:a0c:ab43:0:b0:63d:52a:715 with SMTP id i3-20020a0cab43000000b0063d052a0715mr2486820qvb.6.1690401478377; Wed, 26 Jul 2023 12:57:58 -0700 (PDT) Received: from localhost.localdomain (dsl-10-141-65.b2b2c.ca. [72.10.141.65]) by smtp.gmail.com with ESMTPSA id r1-20020a0c8b81000000b006364a0caaadsm5350847qva.78.2023.07.26.12.57.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jul 2023 12:57:58 -0700 (PDT) From: Maxim Cournoyer Date: Wed, 26 Jul 2023 15:56:44 -0400 Message-ID: <5de34b432e5a0fe9cb3728184e6f7a9dd2f38eaf.1690401404.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Debbus-CC: rekado@elephly.net Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::735; envelope-from=maxim.cournoyer@gmail.com; helo=mail-qk1-x735.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) * doc/guix-cookbook.texi (Using security keys) : New subsection. --- doc/guix-cookbook.texi | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 2e58c6c795..8f2cb2369e 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -2022,6 +2022,18 @@ Using security keys ready to be used with applications supporting two-factor authentication (2FA). +@subsection Disabling OTP code generation for a Yubikey +@cindex disabling yubikey OTP +If you use a Yubikey security key and are irritated by the spurious OTP +codes it generates when inadvertently touching the key (e.g. causing you +to become a spammer in the @samp{#guix} channel when discussing from +your favorite IRC client!), you can disable it via the following +@command{ykman} command: + +@example +guix shell python-yubikey-manager -- ykman config usb --force --disable OTP +@end example + @node Connecting to Wireguard VPN @section Connecting to Wireguard VPN base-commit: c7e45139faa27b60f2c7d0a4bc140f9793d97d47 -- 2.41.0 From unknown Sat Aug 16 22:46:40 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#64882] [PATCH] doc: cookbook: Document how to disable the Yubikey OTP application. References: <5de34b432e5a0fe9cb3728184e6f7a9dd2f38eaf.1690401404.git.maxim.cournoyer@gmail.com> In-Reply-To: <5de34b432e5a0fe9cb3728184e6f7a9dd2f38eaf.1690401404.git.maxim.cournoyer@gmail.com> Resent-From: John Kehayias Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 27 Jul 2023 18:05:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 64882 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Maxim Cournoyer Cc: 64882@debbugs.gnu.org Received: via spool by 64882-submit@debbugs.gnu.org id=B64882.169048107013161 (code B ref 64882); Thu, 27 Jul 2023 18:05:01 +0000 Received: (at 64882) by debbugs.gnu.org; 27 Jul 2023 18:04:30 +0000 Received: from localhost ([127.0.0.1]:43126 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qP5Li-0003QB-EH for submit@debbugs.gnu.org; Thu, 27 Jul 2023 14:04:30 -0400 Received: from mail-4316.protonmail.ch ([185.70.43.16]:37277) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qP5Lf-0003Px-M5 for 64882@debbugs.gnu.org; Thu, 27 Jul 2023 14:04:29 -0400 Date: Thu, 27 Jul 2023 18:04:12 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1690481060; x=1690740260; bh=kQ6GE0OlUAlMXn+3G3ETKZE6/T0LIT8si4wmJxOPDAM=; h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=MlQrQ5uccEv7I1Hh3rsycj+91Kv9bUXNYuy5uvN2S11rUzBL3kEqvi2X5yEqWW8YI Opz0+JoJUcxo86smrqDTpBzLfB40jBahJuXzJzKeJVp5ZgKR9IliA3ukRKufG+HpEQ ugXUqV9pBjbNznybOHu5dmeO/RCuafCje9k4Nz9VeUaS/GKyAwsqT6CWvPnnEkClWW 5hd5eQVclAauURQZDwiiuag8FepfqJ3g3izHXPUyNE+8capV1vr7zLUwGO+6lrnNMT um+rFlTQtMDeBmV9t4TO0l6PoVSeLGVSq+TqzJD4a9djCm7WoZepOAHXln0H98rG6a yp65eGNPBvBcw== From: John Kehayias Message-ID: <87ila5i63v.fsf@protonmail.com> Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Maxim, On Wed, Jul 26, 2023 at 03:56 PM, Maxim Cournoyer wrote: > * doc/guix-cookbook.texi (Using security keys) > : New subsection. > --- > doc/guix-cookbook.texi | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi > index 2e58c6c795..8f2cb2369e 100644 > --- a/doc/guix-cookbook.texi > +++ b/doc/guix-cookbook.texi > @@ -2022,6 +2022,18 @@ Using security keys > ready to be used with applications supporting two-factor authentication > (2FA). > > +@subsection Disabling OTP code generation for a Yubikey > +@cindex disabling yubikey OTP > +If you use a Yubikey security key and are irritated by the spurious OTP > +codes it generates when inadvertently touching the key (e.g. causing you > +to become a spammer in the @samp{#guix} channel when discussing from > +your favorite IRC client!), you can disable it via the following > +@command{ykman} command: > + > +@example > +guix shell python-yubikey-manager -- ykman config usb --force --disable = OTP > +@end example > + > @node Connecting to Wireguard VPN > @section Connecting to Wireguard VPN > > > base-commit: c7e45139faa27b60f2c7d0a4bc140f9793d97d47 I'm not necessarily against it, but this seems only related to yubikey management in general (on Linux), rather than anything specific to Guix. Of course, 'guix shell' is a handy way to do this, I just don't know if this is needed in the cookbook. Then again, I guess the cookbook is a way to build up associated knowledge for Guix, which won't be included directly in the manual. Otherwise, LGTM, but a user should be aware if they are using/needed OTP before disabling it. John From unknown Sat Aug 16 22:46:40 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#64882] [PATCH] doc: cookbook: Document how to disable the Yubikey OTP application. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 27 Jul 2023 19:26:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 64882 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: John Kehayias Cc: 64882@debbugs.gnu.org Received: via spool by 64882-submit@debbugs.gnu.org id=B64882.169048595322277 (code B ref 64882); Thu, 27 Jul 2023 19:26:01 +0000 Received: (at 64882) by debbugs.gnu.org; 27 Jul 2023 19:25:53 +0000 Received: from localhost ([127.0.0.1]:43161 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qP6cS-0005nE-O1 for submit@debbugs.gnu.org; Thu, 27 Jul 2023 15:25:53 -0400 Received: from mail-ot1-x332.google.com ([2607:f8b0:4864:20::332]:56521) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qP6cO-0005mp-V2 for 64882@debbugs.gnu.org; Thu, 27 Jul 2023 15:25:51 -0400 Received: by mail-ot1-x332.google.com with SMTP id 46e09a7af769-6b9aadde448so1134425a34.0 for <64882@debbugs.gnu.org>; Thu, 27 Jul 2023 12:25:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690485943; x=1691090743; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=p7MmLfgz0gzGERLpEJKkql/yNz7BetIDS7TNd7gviDE=; b=o4nE9Fu1FpGCNwN3R8wFA+e5ULwKzX6dqj9gwittkrdYWHalHm5OfTAOpk0Cmvoe0D qJgmz8QCkfq/tSWTYFnLUqMPmI+24VbUna1OvOGXDw6ePcTnCXqqy0B9lm298bg1hb5+ MLp2Ufl04VQr/OKHmwSKxdoBNZbRmYHzNQ7hg9codCWAFtFk20TWt18vx95sWQtf+6Z1 m6Y4rsXcJNGWjvlZmWiVenjmxl4Upi8/ukqP+H1ZXJrZbaPQgFaF/osJ9JHyK0zGrbkV vrF4pTQO4ZufDA3I5lGc1NKsr4JPBn8gqzP7Y8vLVH5pfT2KuOi9m30w7gQtO5POw1sA vfZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690485943; x=1691090743; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=p7MmLfgz0gzGERLpEJKkql/yNz7BetIDS7TNd7gviDE=; b=Ydrmu18nk7GR+ZO879K6jqrOXzQNR87F0B1WxKi1NTIMlb/lgag+sN4XKTJ2q9E35C PzydL9sDyRjpSXohwvA1uVXiA4KmAVcXDB57wrARRXZGrbjIElBXyMaeMnbKnuTgWHLZ 40tQSdbQYynTIJUmEN6lbpa7Oz15V+5YvchFORjJYgrqPHjuPDoIuBwG8VglE7tOQB1a 7aes00qlrzNc1fSKR8nnEVBNjWnuKfcATwRdZUgHfC5uUwJSEVnzt5wGtiEx98Yfk3Fg EdU7Xik89Nnbn72WGcoWEnn+Oj8fBjVw+Lx2OhzhkFf71+ODRBlr+/GjQ5Z5s7/KRMMK +PYQ== X-Gm-Message-State: ABy/qLavJNvFzmsPegtbMvDC5X1qMsig5525ofmlVKdn488+YXPCeAqC DbEu2K6Z0gIep83xfMv/Q19BKjEkBdcfww== X-Google-Smtp-Source: APBJJlFwHZR9Zxk3VS9OSUANSIKWRf6eFSEqMcdjv+gi0SO0rFa0ceoTz9sr+pr6j8XWCl8enPbIag== X-Received: by 2002:a05:6358:2610:b0:134:d559:259a with SMTP id l16-20020a056358261000b00134d559259amr446307rwc.17.1690485942718; Thu, 27 Jul 2023 12:25:42 -0700 (PDT) Received: from hurd (dsl-205-233-124-231.b2b2c.ca. [205.233.124.231]) by smtp.gmail.com with ESMTPSA id j10-20020ac8550a000000b003eabcc29132sm629771qtq.29.2023.07.27.12.25.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Jul 2023 12:25:42 -0700 (PDT) From: Maxim Cournoyer References: <87ila5i63v.fsf@protonmail.com> Date: Thu, 27 Jul 2023 15:25:41 -0400 In-Reply-To: <87ila5i63v.fsf@protonmail.com> (John Kehayias's message of "Thu, 27 Jul 2023 18:04:12 +0000") Message-ID: <87mszhxikq.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi John, John Kehayias writes: > Hi Maxim, > > On Wed, Jul 26, 2023 at 03:56 PM, Maxim Cournoyer wrote: > >> * doc/guix-cookbook.texi (Using security keys) >> : New subsection. >> --- >> doc/guix-cookbook.texi | 12 ++++++++++++ >> 1 file changed, 12 insertions(+) >> >> diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi >> index 2e58c6c795..8f2cb2369e 100644 >> --- a/doc/guix-cookbook.texi >> +++ b/doc/guix-cookbook.texi >> @@ -2022,6 +2022,18 @@ Using security keys >> ready to be used with applications supporting two-factor authentication >> (2FA). >> >> +@subsection Disabling OTP code generation for a Yubikey >> +@cindex disabling yubikey OTP >> +If you use a Yubikey security key and are irritated by the spurious OTP >> +codes it generates when inadvertently touching the key (e.g. causing you >> +to become a spammer in the @samp{#guix} channel when discussing from >> +your favorite IRC client!), you can disable it via the following >> +@command{ykman} command: >> + >> +@example >> +guix shell python-yubikey-manager -- ykman config usb --force --disable OTP >> +@end example >> + >> @node Connecting to Wireguard VPN >> @section Connecting to Wireguard VPN >> >> >> base-commit: c7e45139faa27b60f2c7d0a4bc140f9793d97d47 > > I'm not necessarily against it, but this seems only related to yubikey > management in general (on Linux), rather than anything specific to Guix. > Of course, 'guix shell' is a handy way to do this, I just don't know if > this is needed in the cookbook. Then again, I guess the cookbook is a > way to build up associated knowledge for Guix, which won't be included > directly in the manual. You are right that it's not specifically related to Guix, but I expects users going through setuping a Yubikey on Guix to want to know how to do that (I spent months spamming #guix with OTP codes before Ricardo shared that tip with me, so it was not easy to discover). The Cookbook as I understand it is a loose collection of knowledge of how to do things using Guix, and is distinct from the user manual. > Otherwise, LGTM, but a user should be aware if they are using/needed OTP > before disabling it. I'm not sure when OTP is useful; it's not useful for the current use case I'm using my Yubikey (which is currently the two-factor authentication on web sites). -- Thanks, Maxim From unknown Sat Aug 16 22:46:40 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#64882] [PATCH] doc: cookbook: Document how to disable the Yubikey OTP application. Resent-From: John Kehayias Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 27 Jul 2023 19:48:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 64882 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Maxim Cournoyer Cc: 64882@debbugs.gnu.org Received: via spool by 64882-submit@debbugs.gnu.org id=B64882.169048725725157 (code B ref 64882); Thu, 27 Jul 2023 19:48:02 +0000 Received: (at 64882) by debbugs.gnu.org; 27 Jul 2023 19:47:37 +0000 Received: from localhost ([127.0.0.1]:43168 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qP6xU-0006Xe-SK for submit@debbugs.gnu.org; Thu, 27 Jul 2023 15:47:37 -0400 Received: from mail-4316.protonmail.ch ([185.70.43.16]:26849) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qP6xQ-0006Wl-T5 for 64882@debbugs.gnu.org; Thu, 27 Jul 2023 15:47:35 -0400 Date: Thu, 27 Jul 2023 19:47:10 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1690487246; x=1690746446; bh=w2PQF76TBH7TJograovAu+mnGQMnCCftUn1Yf3w6CmM=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=aqHZYnwAzrOGmFa/y/HFlHmUptQ74/KcnJ+FNPuoSyFbKd0UiOj/Kem3TXUbCZuFT bTpQNlu3tobxqAO/1ZqmQwhw0e7Is6HL5Ws9B5pxhuodOCbOObcifiwRskMkgRVfzd kKGlmhLeyZG/2fMawY8vKBVjlSaS8O9Hksos0EDNNp1HZTF0yFos9dVDJbv7Cq7L6r L7SgV4AdIPf5QVJzqnEse8TYJXFs+nSsklF/fXGMXI57SSZMyRwKk58vnZyehnw0GQ 9cz/KpwRq3ZULmLXmcqnlZGRccN+nutIGeivacwn0yr6VDOUgab/7TOF0LLzp7sFjG kcuMLbzyXqOtw== From: John Kehayias Message-ID: <87h6ppi1c6.fsf@protonmail.com> In-Reply-To: <87mszhxikq.fsf@gmail.com> References: <87ila5i63v.fsf@protonmail.com> <87mszhxikq.fsf@gmail.com> Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Maxim, On Thu, Jul 27, 2023 at 03:25 PM, Maxim Cournoyer wrote: > Hi John, > > John Kehayias writes: > >> I'm not necessarily against it, but this seems only related to yubikey >> management in general (on Linux), rather than anything specific to Guix. >> Of course, 'guix shell' is a handy way to do this, I just don't know if >> this is needed in the cookbook. Then again, I guess the cookbook is a >> way to build up associated knowledge for Guix, which won't be included >> directly in the manual. > > You are right that it's not specifically related to Guix, but I expects > users going through setuping a Yubikey on Guix to want to know how to do > that (I spent months spamming #guix with OTP codes before Ricardo shared > that tip with me, so it was not easy to discover). The Cookbook as I > understand it is a loose collection of knowledge of how to do things > using Guix, and is distinct from the user manual. > Sure. I'm not opposed, just wanted to make sure I was clear(ish) on what goes in there. I'm all for collecting more information to help out Guix users. >> Otherwise, LGTM, but a user should be aware if they are using/needed OTP >> before disabling it. > > I'm not sure when OTP is useful; it's not useful for the current use > case I'm using my Yubikey (which is currently the two-factor > authentication on web sites). I checked and I have OTP disabled on my Yubikey as well; I used 'ykman info' to see. I use it as my smart card essentially (as the keys for passwords, SSH, signing commits, etc.) as well as two-factor codes. I found this about OTP. If I remember now, it is a service that some sites will use to use your Yubikey for authentication, as I think LastPass had support for (I no longer use that). I think U2F is more ubiquitous and used more now anyway. But it is enabled by default and I would guess many people don't use it. John From unknown Sat Aug 16 22:46:40 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#64882] [PATCH] doc: cookbook: Document how to disable the Yubikey OTP application. References: <5de34b432e5a0fe9cb3728184e6f7a9dd2f38eaf.1690401404.git.maxim.cournoyer@gmail.com> In-Reply-To: <5de34b432e5a0fe9cb3728184e6f7a9dd2f38eaf.1690401404.git.maxim.cournoyer@gmail.com> Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 08 Aug 2023 14:48:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 64882 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 64882@debbugs.gnu.org Cc: Maxim Cournoyer Received: via spool by 64882-submit@debbugs.gnu.org id=B64882.169150606921385 (code B ref 64882); Tue, 08 Aug 2023 14:48:01 +0000 Received: (at 64882) by debbugs.gnu.org; 8 Aug 2023 14:47:49 +0000 Received: from localhost ([127.0.0.1]:37460 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTNzw-0005Yr-Qb for submit@debbugs.gnu.org; Tue, 08 Aug 2023 10:47:49 -0400 Received: from mail-ua1-x92d.google.com ([2607:f8b0:4864:20::92d]:52430) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTNzu-0005YM-6N for 64882@debbugs.gnu.org; Tue, 08 Aug 2023 10:47:46 -0400 Received: by mail-ua1-x92d.google.com with SMTP id a1e0cc1a2514c-79a41b1bccfso1595998241.0 for <64882@debbugs.gnu.org>; Tue, 08 Aug 2023 07:47:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691506060; x=1692110860; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=OWQ/Z2RV25jvmRtgF3+JzYSBkjCKjbwVn8pEgYxwif8=; b=rxGgys9IzutlIj3dPKKOJ2YIWaL+6MCnLmpI8MaAn00BvT6FIzvNMQq53yuU5Cle6h zl0L9yQMiz3RmQrU5wXB7LKOSIUSJpCFmy4RDmxbMRpWE5HDElHQ55jfJp8G2caWiqVf PtKEWFF3EVH3PN0nXLGmpIdhaq50jvZfF92J+4JXkUlGKzxiA6qfmnsRNwzNwYy+OyG7 lAifoHrFzbT/U1ZT6I3lKKYxYKGc9LcYXwp1Ns2tYBe0+biqCl+FtJDBvw/Eq3OjqMVI mAjcY6hD6habPmxXK4GykmCGd1NhudWrR3XzmBimry6oW+qFp2bIbGseT8I03CeySAJq mwig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691506060; x=1692110860; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OWQ/Z2RV25jvmRtgF3+JzYSBkjCKjbwVn8pEgYxwif8=; b=deF++WSUULvfm3dHb3TmYlWt/mcwaNgt7rABFSk187JbQ96GPxf6cWWvULCjpnBqnQ BkpsvUqfdPcUGrxwtfUnq3VopDx8HtdvoYks3q7MGdnsISEbAcmqYUmdkjpCJHmZF+q9 1cved/4L+B02Cz6WWNMZFIQKqCPgj950UfagbYuihc2caXwuOJkEnlgbluQbF2lg0fLO 8nw7IlW/PMdvhWLW8a1W7ZE6zmUrbJZk25eiBQ/KzOiga1VFCakpOPb4Q5oNcrEegcqx 4u9+jcIuRuxIMPYCGGvXPy79Tia0HTwmSAgT7Jiz+bZ2VjelYIuMRs+4b4YVoGd2ifhi OkQg== X-Gm-Message-State: AOJu0YzmBJlZrPFgWDV5USkh1urjuaL0pRNZ0XyzTPx78g582fa4563X jOSaz/kpXlFRVHYQPUXLpJ+AJ4509ZbZ4Q== X-Google-Smtp-Source: AGHT+IGMvOGwh6sOgeo39vL0dEYERCtnyRoRcd3asPdGx8hZCcY1AZgOqg1aYPA9tfcgFVkkReWlAQ== X-Received: by 2002:a05:6102:144:b0:443:5f6e:c1b5 with SMTP id a4-20020a056102014400b004435f6ec1b5mr25259vsr.18.1691506060342; Tue, 08 Aug 2023 07:47:40 -0700 (PDT) Received: from localhost.localdomain (dsl-10-130-49.b2b2c.ca. [72.10.130.49]) by smtp.gmail.com with ESMTPSA id n7-20020a0cdc87000000b0063d152e5d9asm3688009qvk.120.2023.08.08.07.47.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Aug 2023 07:47:39 -0700 (PDT) From: Maxim Cournoyer Date: Tue, 8 Aug 2023 10:47:32 -0400 Message-ID: <910f04641befc692ff94aff69cdd200193c69fd1.1691506052.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * doc/guix-cookbook.texi (Using security keys) : New subsection. Series-to: 64882@debbugs.gnu.org Series-version: 2 Series-changes: 2 - Mention alternative using the graphical yubikey-manager-qt application --- doc/guix-cookbook.texi | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 2e58c6c795..4d85dee386 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -21,7 +21,7 @@ Copyright @copyright{} 2020 André Batista@* Copyright @copyright{} 2020 Christine Lemmer-Webber@* Copyright @copyright{} 2021 Joshua Branson@* -Copyright @copyright{} 2022 Maxim Cournoyer@* +Copyright @copyright{} 2022, 2023 Maxim Cournoyer@* Copyright @copyright{} 2023 Ludovic Courtès Permission is granted to copy, distribute and/or modify this document @@ -2022,6 +2022,24 @@ Using security keys ready to be used with applications supporting two-factor authentication (2FA). +@subsection Disabling OTP code generation for a Yubikey +@cindex disabling yubikey OTP +If you use a Yubikey security key and are irritated by the spurious OTP +codes it generates when inadvertently touching the key (e.g. causing you +to become a spammer in the @samp{#guix} channel when discussing from +your favorite IRC client!), you can disable it via the following +@command{ykman} command: + +@example +guix shell python-yubikey-manager -- ykman config usb --force --disable OTP +@end example + +Alternatively, you could use the @command{ykman-gui} command from the +@code{yubikey-manager-qt} package and either wholly disable the +@samp{OTP} application from the USB interface or, from the +@samp{Applications -> OTP} view, delete the configuration of slot 1, +which comes pre-configured with the Yubico OTP application. + @node Connecting to Wireguard VPN @section Connecting to Wireguard VPN base-commit: 782ef67a59f4b564f16101cf23c30a3777b3f734 -- 2.41.0 From unknown Sat Aug 16 22:46:40 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#64882] [PATCH v2] doc: cookbook: Document how to disable the Yubikey OTP application. References: <5de34b432e5a0fe9cb3728184e6f7a9dd2f38eaf.1690401404.git.maxim.cournoyer@gmail.com> In-Reply-To: <5de34b432e5a0fe9cb3728184e6f7a9dd2f38eaf.1690401404.git.maxim.cournoyer@gmail.com> Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 08 Aug 2023 14:51:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 64882 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 64882@debbugs.gnu.org Cc: john.kehayias@protonmail.com, Maxim Cournoyer Received: via spool by 64882-submit@debbugs.gnu.org id=B64882.169150626122106 (code B ref 64882); Tue, 08 Aug 2023 14:51:01 +0000 Received: (at 64882) by debbugs.gnu.org; 8 Aug 2023 14:51:01 +0000 Received: from localhost ([127.0.0.1]:37473 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTO32-0005kQ-SP for submit@debbugs.gnu.org; Tue, 08 Aug 2023 10:51:01 -0400 Received: from mail-qt1-x82c.google.com ([2607:f8b0:4864:20::82c]:60424) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTO30-0005kB-Uy for 64882@debbugs.gnu.org; Tue, 08 Aug 2023 10:50:59 -0400 Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-4039f7e1d3aso44954941cf.0 for <64882@debbugs.gnu.org>; Tue, 08 Aug 2023 07:50:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691506253; x=1692111053; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=tM9WqVOMcJRG+vgKSRm6bQBkSg36Zy95Dk1AEG1JK78=; b=jr9LTVI/xfpZbxIiuhInia6nu8tW9wVJHFs+mZ3yeIg/M/U0XdUBcaQ4o0N/8SQEP2 djxNwRZX/57GGZeafT+MAcCMw5f5H07MqQI5lPCISjFHqFyaxP1H8oIb9IzDXyTk/SKo ak5Xk+ZBsBGEx6m5oI46jupQ9IXgaRFX6AlSu1SjgyQNyLxg4FNN+0dg41vmpgmpRmww 0u6nEmoXEPVpWixXf+7Gx0h3leKfCF7gnWVuPbzMgUPnohA2QUhodym/FetFZI7qVuft GRcnopRZNum3LgG3DS3jRpT5M7tM24Lx4ZcxRcM+Mcv9PB1Cqcd89p97Hw3yY+/oYTUc TrUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691506253; x=1692111053; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=tM9WqVOMcJRG+vgKSRm6bQBkSg36Zy95Dk1AEG1JK78=; b=R0+FhxCrOPG1fJLGiB02D0PBj9KcWS+05YxYsSSDvA72gVY+GXK2mK3JhPMt38yvTI sqfeQuOMWUsqSCxDp/veuV0oWs49keC+f18rjffrQ6y4YrWJN76zUi1k93PwgHgBbY9y JJ/ZN+6y9BJEO8m2FdTaqzu5hgwCnaNkWSPFkEDvBzMTr1TjjMxWXpwpnRxOEzwsgept OJOLc1KL4uBqpB9bVXuv7c/QsO+yO2IoWhViEXlhFAPO28YBl7fS6FTu7CvKVfKyLbFX TlGGLPDFkdwZOeV6SijPuGyx4xdR//WHnVQ1vhtP6G7VJC8HRlEc8msX3ZlD7NlD7beU nE/g== X-Gm-Message-State: AOJu0Yzun+UotW+ItQb76bt6+qUBlz++Qdm181hd/v8XoEQ6Qz4KWl6g 9+R53TM9iTUEqu9t0kPEbYl81H+akoauqg== X-Google-Smtp-Source: AGHT+IHg7kZ8v/4gJOktSSDX7UgVeg3CzZHKl8aXLVQfC+bT/HFr/Nl+fIL8ZvUZAMAwtUQi2HK8Jg== X-Received: by 2002:a05:622a:107:b0:405:5cf5:7bf0 with SMTP id u7-20020a05622a010700b004055cf57bf0mr19950549qtw.53.1691506252943; Tue, 08 Aug 2023 07:50:52 -0700 (PDT) Received: from localhost.localdomain (dsl-10-130-49.b2b2c.ca. [72.10.130.49]) by smtp.gmail.com with ESMTPSA id k14-20020ac8604e000000b0040fefceb8d1sm3381070qtm.20.2023.08.08.07.50.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Aug 2023 07:50:52 -0700 (PDT) From: Maxim Cournoyer Date: Tue, 8 Aug 2023 10:50:33 -0400 Message-ID: <398929120819ad8639468de1c73835bb9af470ef.1691506232.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * doc/guix-cookbook.texi (Using security keys) : New subsection. --- Changes in v2: - Mention alternative using the graphical yubikey-manager-qt application doc/guix-cookbook.texi | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 2e58c6c795..4d85dee386 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -21,7 +21,7 @@ Copyright @copyright{} 2020 André Batista@* Copyright @copyright{} 2020 Christine Lemmer-Webber@* Copyright @copyright{} 2021 Joshua Branson@* -Copyright @copyright{} 2022 Maxim Cournoyer@* +Copyright @copyright{} 2022, 2023 Maxim Cournoyer@* Copyright @copyright{} 2023 Ludovic Courtès Permission is granted to copy, distribute and/or modify this document @@ -2022,6 +2022,24 @@ Using security keys ready to be used with applications supporting two-factor authentication (2FA). +@subsection Disabling OTP code generation for a Yubikey +@cindex disabling yubikey OTP +If you use a Yubikey security key and are irritated by the spurious OTP +codes it generates when inadvertently touching the key (e.g. causing you +to become a spammer in the @samp{#guix} channel when discussing from +your favorite IRC client!), you can disable it via the following +@command{ykman} command: + +@example +guix shell python-yubikey-manager -- ykman config usb --force --disable OTP +@end example + +Alternatively, you could use the @command{ykman-gui} command from the +@code{yubikey-manager-qt} package and either wholly disable the +@samp{OTP} application from the USB interface or, from the +@samp{Applications -> OTP} view, delete the configuration of slot 1, +which comes pre-configured with the Yubico OTP application. + @node Connecting to Wireguard VPN @section Connecting to Wireguard VPN base-commit: 782ef67a59f4b564f16101cf23c30a3777b3f734 -- 2.41.0 From unknown Sat Aug 16 22:46:40 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Maxim Cournoyer Subject: bug#64882: closed (Re: bug#64882: [PATCH] doc: cookbook: Document how to disable the Yubikey OTP application.) Message-ID: References: <87edk2gvp8.fsf@gmail.com> <5de34b432e5a0fe9cb3728184e6f7a9dd2f38eaf.1690401404.git.maxim.cournoyer@gmail.com> X-Gnu-PR-Message: they-closed 64882 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 64882@debbugs.gnu.org Date: Thu, 17 Aug 2023 04:06:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1692245162-31071-1" This is a multi-part message in MIME format... ------------=_1692245162-31071-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #64882: [PATCH] doc: cookbook: Document how to disable the Yubikey OTP appl= ication. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 64882@debbugs.gnu.org. --=20 64882: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D64882 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1692245162-31071-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 64882-done) by debbugs.gnu.org; 17 Aug 2023 04:05:35 +0000 Received: from localhost ([127.0.0.1]:42499 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qWUGM-00084G-UI for submit@debbugs.gnu.org; Thu, 17 Aug 2023 00:05:35 -0400 Received: from mail-qv1-xf2f.google.com ([2607:f8b0:4864:20::f2f]:52569) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qWUGI-000840-JA for 64882-done@debbugs.gnu.org; Thu, 17 Aug 2023 00:05:33 -0400 Received: by mail-qv1-xf2f.google.com with SMTP id 6a1803df08f44-640c5df2e6eso37671716d6.1 for <64882-done@debbugs.gnu.org>; Wed, 16 Aug 2023 21:05:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1692245125; x=1692849925; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=6Jwb/xOMuPYzVqkLRgFm7A0H0CYlwKA9ERel61/ivQQ=; b=BPH3G9XdOpVZ80ttKQ1qJM/NihsbbRcTm7KAHLllY3y/OMmj/UtQ5hqYxy3G41Hkmp 5rRMPuFlvBsK1w76z6CWUybbqBGVk4OJKUjjnCNtr+8hhIfgj1g+YHJc1jEI65XDWn0A LKnb0/2a0q95qux1UYJYQ/fReSjON2Ise1EaFoPQJveX6oLvzKTbATeHwFN2gmiaBiHK HIQ+YFnNYhMgUjXXNYVb5+TapxSUaqGykcw6tuI8KY40PeVKShDhQxZHY+NW06Yc6Mxv GxLOxa9BMMqpRyHkWz2RKn66cKJkYkZicTiAItBPChFkQJSPW7SE/4QOeY8XRzpctABO qGSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692245125; x=1692849925; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=6Jwb/xOMuPYzVqkLRgFm7A0H0CYlwKA9ERel61/ivQQ=; b=EOz9NPP5npbVSAbQmkQJYWFzK11JtI55/Ncz8ciOnu1l6Ah/EvtdSGeMFO+EQ4qiv6 jV2utWg2UyxJlII620nDAtdS3tpoEwPL/nh22iOCmefqLkbccli+9B8PSM3V6ZKRnmdn RPbz199FbiHRb8DDttfIfVkHY65it2SRL1Tpqpk+MdwEGXQ15sidYg+jasT3K6ifBYx7 S1an8KdM/SwCNUo4Ybi0XsvP26Pwsllewal2AGovQotAz5059xs2+J3y+6qjuhcD6I2F 0i8tT+JvVPSJwbj/32LOUo9XhESMZ2px9mZDZdZLXXa1oD0yMqXLU04TN+vXqiFY5v2G CIYQ== X-Gm-Message-State: AOJu0YwnNmRDGWOFVVU8K7cskGhXLzFKCvcVRH7gNMCocgXlgu6OhRyh 0o4D/twIaYFHVZItrQ511ydnJNXy5dBuAw== X-Google-Smtp-Source: AGHT+IEGyKZdR/UD9pGvOSbjSWcpDuJJQiz+UBfgrococ8vR9nldL9OD1xt9Twv1YekR+JySskHkxQ== X-Received: by 2002:a0c:f48b:0:b0:62d:f806:7f80 with SMTP id i11-20020a0cf48b000000b0062df8067f80mr3653471qvm.13.1692245124867; Wed, 16 Aug 2023 21:05:24 -0700 (PDT) Received: from hurd (dsl-152-182.b2b2c.ca. [66.158.152.182]) by smtp.gmail.com with ESMTPSA id w14-20020a0ce10e000000b006427145590csm623042qvk.48.2023.08.16.21.05.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 21:05:24 -0700 (PDT) From: Maxim Cournoyer To: John Kehayias Subject: Re: bug#64882: [PATCH] doc: cookbook: Document how to disable the Yubikey OTP application. References: <87ila5i63v.fsf@protonmail.com> <87mszhxikq.fsf@gmail.com> <87h6ppi1c6.fsf@protonmail.com> Date: Thu, 17 Aug 2023 00:05:23 -0400 In-Reply-To: <87h6ppi1c6.fsf@protonmail.com> (John Kehayias's message of "Thu, 27 Jul 2023 19:47:10 +0000") Message-ID: <87edk2gvp8.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 64882-done Cc: 64882-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi! John Kehayias writes: [...] >>> Otherwise, LGTM, but a user should be aware if they are using/needed OTP >>> before disabling it. >> >> I'm not sure when OTP is useful; it's not useful for the current use >> case I'm using my Yubikey (which is currently the two-factor >> authentication on web sites). > > I checked and I have OTP disabled on my Yubikey as well; I used 'ykman > info' to see. I use it as my smart card essentially (as the keys for > passwords, SSH, signing commits, etc.) as well as two-factor codes. > > I found this > about OTP. If I remember now, it is a service that some sites will use > to use your Yubikey for authentication, as I think LastPass had > support for (I no longer use that). I think U2F is more ubiquitous and > used more now anyway. But it is enabled by default and I would guess > many people don't use it. The yubikey-manager-qt package has since been added, providing a GUI to do the same, so I've expound the how-to with it, and installed the change. Thanks for the review! -- Maxim ------------=_1692245162-31071-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 26 Jul 2023 19:58:10 +0000 Received: from localhost ([127.0.0.1]:50126 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qOke9-0002DO-Nz for submit@debbugs.gnu.org; Wed, 26 Jul 2023 15:58:10 -0400 Received: from lists.gnu.org ([2001:470:142::17]:60180) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qOke8-0002DA-04 for submit@debbugs.gnu.org; Wed, 26 Jul 2023 15:58:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qOke2-000187-8L for guix-patches@gnu.org; Wed, 26 Jul 2023 15:58:02 -0400 Received: from mail-qk1-x735.google.com ([2607:f8b0:4864:20::735]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qOke0-0002qT-QA for guix-patches@gnu.org; Wed, 26 Jul 2023 15:58:02 -0400 Received: by mail-qk1-x735.google.com with SMTP id af79cd13be357-765942d497fso14572285a.1 for ; Wed, 26 Jul 2023 12:58:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690401478; x=1691006278; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=69x4TKm470yLKS1aI0O/XBbl46ZnBrUdowPjXI9OXXw=; b=gQmISL26kdVcBYtx3lnUGPKggCor8D53SflxDWEYUMBJERPk/S+z4rDe8QIyul3x96 HvpRTNFtOMXzMXKlGYW0wZG+sc9gokDMWrcQwjbai5CzXDEYNU5X9svYw/jtckZoigZU JcaYRjkOFxdQlzhSqSpn16qZ7pQEWO7p8RpoSj4Vd4T1WZZTdjnoF+z1ZpiNl4CW8ZmS cGYWy/j43tzVqaULFistmGg0mqlav8lh4PUfMRBBwTtQODcoWJF/STA+rh28ZOTMn553 PZDWYytFWkx45fjCySKnljE6Iqn3bVP82oZS1tijTuzvBk1g12DSHO5p0A3BdA1fgkJj +VJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690401478; x=1691006278; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=69x4TKm470yLKS1aI0O/XBbl46ZnBrUdowPjXI9OXXw=; b=elC038Qfl4HH4c9jx/vbEWxPgJQ0wDILU7FJOcm7FQkJvQtqlaB1z1vFbxhrYuOrb4 /x/x5QFCF4yTZTPORYv8yjZJxc+alzp8CmBvoI5Q9B1VSf4j9LesBot/vhNvv+v0cB56 +Flo6N0Uh5ggM13zCl0zIn6Uz0JxaRWs02BThXnjaSKULPTZJoOL0BUguu8/S+ioY2vt zvB0QJjKVHOdpIKtn4acZHMZgRccEwOPVEeO8q5/5h8HkQGWipAQCtsaXSfBj6MfeKkq r3yI3+HFs1YhJXzM13v3IMeDSKRGV+Ct9BnV+4K2RZisLFQhroMSqwcUqwVs7IFfCbmW K1Yg== X-Gm-Message-State: ABy/qLb+YpohdBW6ljzcx4FWo0mSOt19wsm+SOXR04gwyMfgkL3vBH5Z +QV3dbk1ANx8cGHww2PHNcqs0p151heVDw== X-Google-Smtp-Source: APBJJlFYnhiwnJAKToXaTgdKgbdNJDnfeDP92NQ6w+9rjrhrA/YTWwSGpcTB/gIBq/9K5tWSEjghIQ== X-Received: by 2002:a0c:ab43:0:b0:63d:52a:715 with SMTP id i3-20020a0cab43000000b0063d052a0715mr2486820qvb.6.1690401478377; Wed, 26 Jul 2023 12:57:58 -0700 (PDT) Received: from localhost.localdomain (dsl-10-141-65.b2b2c.ca. [72.10.141.65]) by smtp.gmail.com with ESMTPSA id r1-20020a0c8b81000000b006364a0caaadsm5350847qva.78.2023.07.26.12.57.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jul 2023 12:57:58 -0700 (PDT) From: Maxim Cournoyer To: guix-patches@gnu.org, maxim.cournoyer@gmail.com Subject: [PATCH] doc: cookbook: Document how to disable the Yubikey OTP application. Date: Wed, 26 Jul 2023 15:56:44 -0400 Message-ID: <5de34b432e5a0fe9cb3728184e6f7a9dd2f38eaf.1690401404.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Debbus-CC: rekado@elephly.net Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::735; envelope-from=maxim.cournoyer@gmail.com; helo=mail-qk1-x735.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) * doc/guix-cookbook.texi (Using security keys) : New subsection. --- doc/guix-cookbook.texi | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 2e58c6c795..8f2cb2369e 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -2022,6 +2022,18 @@ Using security keys ready to be used with applications supporting two-factor authentication (2FA). +@subsection Disabling OTP code generation for a Yubikey +@cindex disabling yubikey OTP +If you use a Yubikey security key and are irritated by the spurious OTP +codes it generates when inadvertently touching the key (e.g. causing you +to become a spammer in the @samp{#guix} channel when discussing from +your favorite IRC client!), you can disable it via the following +@command{ykman} command: + +@example +guix shell python-yubikey-manager -- ykman config usb --force --disable OTP +@end example + @node Connecting to Wireguard VPN @section Connecting to Wireguard VPN base-commit: c7e45139faa27b60f2c7d0a4bc140f9793d97d47 -- 2.41.0 ------------=_1692245162-31071-1--