Yubikey and PasswordSafe for Linux

OMG
2012-05-14
2015-06-19
  • OMG
    OMG
    2012-05-14

    I'm looking for a password manager for linux with OTP:

    • Does PasswordSafe in Linux Beta support Yubikey?
    • On which distro is it tested?
    • Has anyone a Yubikey with PasswordSafe (Linux Beta) as productive password manager? Please share your experiences...

    Thank you.

     
  • drew-e
    drew-e
    2012-05-21

    As far as I can tell the Linux Beta does not support Yubikey.

    Does anybody know when Yubikey will be supported in the Linux version?

     
  • gavind
    gavind
    2012-06-05

    Any luck on this drew?

     
  • drew-e
    drew-e
    2012-06-05

    Nope! I haven't heard a word.

     
  • drew-e
    drew-e
    2012-06-13

    It's been a month without a response from the developers. I contacted Yubico
    the manufacturer and go this response.

    We have contacted the main Password safe developer, he is currently working on
    newer version of the PasswordSafe (for the windows which will include the
    YubiKey function in the main development trunk). When this is done, he has
    indicated he will resume work on the Linux version of Password safe.

    In other words, don't hold your breath! Nobody is working on it. They may get
    around to it some day.

     
  • DrK
    DrK
    2012-06-13

    PasswordSafe is an Open Source project. Developers work on this as and when
    they can. It is not their "day job". PasswordSafe is free. Anything they do is
    because they want to, they are interested in the project and application or
    generally want to help. It doesn't put food on their tables or pay the
    electricity bills!

    If this doesn't fit with you expectations, then I suggest that you buy a
    different product where your fees do contribute to the developers' livelihoods
    and you should expect support in relation to the amount you pay for the
    product.

     
  • drew-e
    drew-e
    2012-06-13

    Sorry!

    It's really Yubico I am most upset with. Their web page for the product they
    sold indicates PasswordSafe support.

    If they are selling products based on yours they should be supporting your
    project with a lot more than just a free YubiKey for development purposes.
    Many open source projects are supported by businesses that make money bundling
    open source software with their products.

    All you had to do was reply to the initial message in this thread with:

    • Does PasswordSafe in Linux Beta support Yubikey?

    No.

    This is planned for a future release of the Linux software. We will not begin
    work on this until the next release of the windows software is complete.

     
  • Rony Shapiro
    Rony Shapiro
    2012-06-13

    • Does PasswordSafe in Linux Beta support Yubikey?

    No.

    This is planned for a future release of the Linux software. We will not begin
    work on this until the next release of the windows software is complete.

    There, feel better now? :-)

    Seriously, I didn't reply because I thought I would be able to be less vague
    once the current Windows release stabilizes. By the time that happened, this
    sort of slipped my mind.

    Rony

     
  • I know this is an old thread, but it is exactly my question and I know there has been work on this.

    What is the current status?

    I downloaded the latest BETA (0.95 build Feb 8, RPM pkg) and it looks fine, except for when I go to Manage > Yubikey, it says, "Please insert your YubiKey" and when I do that, nothing happens. I'm asking because I can't really tell if it's a problem with Linux, my NEO, my NEO configuration, or PasswordSafe.

     
  • RT
    RT
    2015-04-07

    I'd be interested in knowing this, too. I think I need 2FA so am about to get a Yubikey NEO. Also, thinking of fully switching from Windows to Linux, but I'd miss not having Password Safe and don't want to waste an investment in the Yubikey if it doesn't work with Linux.

     
  • Rony Shapiro
    Rony Shapiro
    2015-04-07

    PasswordSafe's Linux port should work with Yubikeys, including Neo. Note that it depends on packages from Yubico, which need to be up-to-date.

    Let me know what distro your switching to, and if 32 or 64 bits, and I'll verify specifically.

     
    • Thanks for your help, Rony!

      Oh, that's great news! I'll keep trying, but it doesn't seem to work for me; I'm using Fedora 21:

      libyubikey-1.11-3.fc21.x86_64
      pam_yubico-2.14-3.fc21.x86_64
      yubikey-personalization-gui-3.1.11-4.fc21.x86_64
      ykpers-1.16.1-1.fc21.x86_64

      I'm assumed Fedora as up-to-date libyubikey packages. (I thought they required YubiKey for all package maintainers?)
      I'm more than happy to test if you have ideas!

       
      • Hi Rony,

        I just checked again and I have the latest BETA package installed, too:

        pwsafe-0.95.1BETA-3.x86_64

        Also, I used the yubikey-personalization-gui to check that the challenge-response mechanism. I don't really know what to expect, but the GUI recognizes when I insert the yubikey and the challenge-response mechanics work without error.

        I'm trying to follow the doc on the YubiCo web-site for setting up pwsafe and it shows a "YubiKey" button and I don't see that when I create a new database or try to change an existing one. See the attachment.

        Can you tell what am I missing?

         
        • Sorry to keep on this, but I still haven't figured out how to make YubiKey work with psafe for Linux. Can anyone help?

           
        • Hi Rony,

          I'm more than willing to do any troubleshooting. Please help! You're my only hope.

           
          • Rony Shapiro
            Rony Shapiro
            2015-04-27

            OK, here's what just worked for me on a Fedora21 VM:

            1. Download and install this version: http://pwsafe.org/tmp/pwsafe-0.96BETA-3.x86_64.rpm
            2. Create a new database without clicking on the Yubikey button
            3. Configure the Yubikey (Manage-Yubikey... Generate, then Set YubiKey)
            4. Change the database's password:
              1. Manage->Change Safe Combination
              2. Enter the current safe combination (master password) in Old Safe Combination
              3. Enter new one + confirmation (or leave empty if you only want yubikey authentication)
              4. Click on lower YubiKey button, then on the YubiKey (which should be flashing)
            5. Save the database

            Next time you open the database, you should be able to use the YubiKey.

             
            • Thanks so much for you help!

              Wow, sorry, I hope I didn't make you roll a new version. Your instructions helped me see that pwsafe really is detecting my Yubikey. I didn't get it to work, but I think I'm close.

              Here's my question, but read on to understand how I came to ask you this: What does the Set Yubikey button do in Manage>Yubikey, exactly? I already configured challenge-response on slot 2 and I have the secret key for that. I don't want to change that key nor do I want to overwrite slot 1.

              Here's what happened when I followed your instructions:
              Firstly, the RPM gave me an error, though I know it isn't is related to the problem I'm having.

              $ sudo -i rpm -Uvh $PWD/pwsafe-0.96BETA-3.x86_64.rpm
              Preparing... ################################# [100%]
              Updating / installing...
              1:pwsafe-0.96BETA-3 ################################# [ 50%]
              Cleaning up / removing...
              2:pwsafe-0.95.1BETA-3 ################################# [100%]
              /var/tmp/rpm-tmp.2bMEMv: line 2: fg: no job control
              /var/tmp/rpm-tmp.2bMEMv: line 3: fg: no job control
              warning: %postun(pwsafe-0.95.1BETA-3.x86_64) scriptlet failed, exit status 1

              I proceeded with your instructions, anyway. Unlike before, I now notice that pwsafe detects when I insert the yubikey; it directs me to click the Yubikey button, were as, before, it just said to insert the key.

              However, when I click the button it says to touch the yubikey, but then it says "timeout" weather I touch the button or not. It seemed very quick, too, so I wasn't sure it was really waiting long enough or if I was too slow. But, I tried a bunch, so I don't think I was too slow.

              I was a little confused by all of this because I set up my slot 2 to challenge-response with the option: do not wait for key press. So, when it asked me to touch the yubikey, I didn't know what to make of that.

              Since there were rpm errors, I erased the rpm (which gave the same errors as the RPM upgrade) and installed the new one you posted, fresh, and that gave no errors. Then I tried again with a new db, but got the same results.

              I could be confused because the Yubico web-site documentation on how to use yubikey & passwordsafe says to configure challenge-response (HMAC-SHA1) mode and so I did that. I got that working with passwordsafe, but using the Windows passwordsafe program. Perhaps this is all my own confusion because I assumed it worked the same on both platforms.

              Sorry for the long post. Does this make sense?

               
              • I tried your latest version of 0.96BETA-3 posted on sourceforge and I get the same behavior.

                Has anyone else got PWSafe working with Yubikey HMAC-SHA1 on Linux?

                 
  • Sherif Afifi
    Sherif Afifi
    2015-04-10

    i am trying to install pwsafe-0.95.1BETA-3.x86_64.rpm on RHEL6 & RHEL5 there are many Dependency needed i tried to download them but didn't work, any one tried to install it on RHEL 5 & 6 ? if yes can you share what exactly i need to do ? or at least how i can compile it , or send me the missing files?

    below list of files needed while the installation , thanks so much for your help

    rpm -iHv pwsafe-0.95.1BETA-3.x86_64.rpm

    error: Failed dependencies:
    libc.so.6(GLIBC_2.14)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libstdc++.so.6(CXXABI_1.3.8)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libstdc++.so.6(GLIBCXX_3.4.15)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libstdc++.so.6(GLIBCXX_3.4.20)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_baseu-3.0.so.0()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_baseu-3.0.so.0(WXU_3.0)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_baseu_net-3.0.so.0()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_baseu_net-3.0.so.0(WXU_3.0)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_baseu_xml-3.0.so.0()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_gtk3u_adv-3.0.so.0()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_gtk3u_adv-3.0.so.0(WXU_3.0)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_gtk3u_core-3.0.so.0()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_gtk3u_core-3.0.so.0(WXU_3.0)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_gtk3u_html-3.0.so.0()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_gtk3u_html-3.0.so.0(WXU_3.0)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_gtk3u_qa-3.0.so.0()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_gtk3u_webview-3.0.so.0()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libwx_gtk3u_xrc-3.0.so.0()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libxerces-c-3.1.so()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libykpers-1.so.1()(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libykpers-1.so.1(LIBYKPERS_1.0)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libykpers-1.so.1(LIBYKPERS_1.4)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libykpers-1.so.1(LIBYKPERS_1.5)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64
    libykpers-1.so.1(LIBYKPERS_1.7)(64bit) is needed by pwsafe-0.95.1BETA-3.x86_64

     
    Last edit: Sherif Afifi 2015-04-10
  • Rony Shapiro
    Rony Shapiro
    2015-04-11

    I don't have access to RHEL, but 5 and 6 are pretty old, so I'm not surprised that the needed packages aren't available, at least in the required versions.
    You might have better luck with older version of the PasswordSafe RPM.

     
    • Sherif Afifi
      Sherif Afifi
      2015-04-11

      thanks rony so much, can you till me which version i can use and they can work ?

       
  • Rony Shapiro
    Rony Shapiro
    2015-04-11

    0.9 is the first with Yubi support for Linux. Good luck!

     
    • Sherif Afifi
      Sherif Afifi
      2015-04-11

      thaks so much i will try it. bu the way i tried 095 on RHEL 7 and 7.1 it didnt work too

      yum install pwsafe-0.95.1BETA-3.x86_64.rpm

      Loaded plugins: langpacks, product-id, subscription-manager
      This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
      Examining pwsafe-0.95.1BETA-3.x86_64.rpm: pwsafe-0.95.1BETA-3.x86_64
      Marking pwsafe-0.95.1BETA-3.x86_64.rpm to be installed
      Resolving Dependencies
      --> Running transaction check
      ---> Package pwsafe.x86_64 0:0.95.1BETA-3 will be installed
      --> Processing Dependency: libstdc++.so.6(CXXABI_1.3.8)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4.20)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_baseu-3.0.so.0(WXU_3.0)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_baseu_net-3.0.so.0(WXU_3.0)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_gtk3u_adv-3.0.so.0(WXU_3.0)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_gtk3u_core-3.0.so.0(WXU_3.0)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_gtk3u_html-3.0.so.0(WXU_3.0)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libykpers-1.so.1(LIBYKPERS_1.0)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libykpers-1.so.1(LIBYKPERS_1.4)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libykpers-1.so.1(LIBYKPERS_1.5)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libykpers-1.so.1(LIBYKPERS_1.7)(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_baseu-3.0.so.0()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_baseu_net-3.0.so.0()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_baseu_xml-3.0.so.0()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_gtk3u_adv-3.0.so.0()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_gtk3u_core-3.0.so.0()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_gtk3u_html-3.0.so.0()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_gtk3u_qa-3.0.so.0()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_gtk3u_webview-3.0.so.0()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libwx_gtk3u_xrc-3.0.so.0()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libxerces-c-3.1.so()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Processing Dependency: libykpers-1.so.1()(64bit) for package: pwsafe-0.95.1BETA-3.x86_64
      --> Finished Dependency Resolution