Presented by:

Karol Babioch

from Security Engineer @ SUSE

Open Source Enthusiast

No video of the event yet, sorry! Meanwhile...

YubiKeys are handy little USB tokens that allow for hardware-based cryptography, which are becoming ever more prevalent. They provide support for a great variety of cryptographic protocols and standards, and offer several modes of operations. While this makes them very versatile, it can also be somewhat confusing, especially when you are only getting in touch with them for the first time.

Recently some effort has been put into packaging and updating the software stack for YubiKeys within openSUSE, so that everything (including the latest generation of YubiKeys) are supported out-of-the box.

In this workshop we are going to cover some use-cases of the YubiKey and show in a hands-on fashion how we can setup a typical openSUSE installation (server and/or workstation) to make use of the YubiKey for authentication and/or encryption.

The following topics / use-cases will be covered:

  • Generic introduction

    • Multifactor authentication
    • Explanation of different One-Time-Password (OTP) standards (Yubico OTP, HOTP, TOTP, etc.)
    • Some explanation of U2F / FIDO2
  • Configuring YubiKeys using yubikey-manager and yubikey-manager-qt

    • Explanation of different slots and their usage
    • Using different slots for different modes / services, etc.
    • Setting up a customized slot for personal usage
  • Configuring PAM to use a YubiKey as additional factor

    • Explanation of PAM stack in general
    • Explanation of different PAM modules that are available for YubiKeys (pam_yubico, pam_u2f, etc.)
    • Configuring PAM stack to use YubiKey as additional factor (2FA)
  • Using the YubiKey as GPG smartcard

    • Explanation of GPG smartcard in general
    • Using YubiKey for signatures and encryption/decryption
    • Using gpg as ssh-agent for hardware-based SSH authentication (with remote servers, etc.)

Depending on time and interest the following topic(s) will also be covered:

  • Using the YubiKey as PIV card

    • Explanation about PIV terminology (slots, PKCS#11, X509, etc.)
    • Setting up the YubiKey as PIV smart card
  • Using the YubiKey as additional factor in various applications, e.g. OpenVPN, etc.

For this talk basic Linux knowledge will be required. You don't need to be a full-time Linux admin, but you should be able to install software packages and edit files on the command line. If you want to follow along with your own hardware, you will need a Laptop (pre-installed with Leap 15.0 or Tumbleweed) and at least one YubiKey. Everything else will be shown and explained during the workshop.

2019 May 25 - 15:00
3 h
Seminarraum 1
Desktop and Applications
Requires Registration:
Yes (Registered: 19/20)

Happening at the same time:

  1. From source to the package
  2. Start Time:
    2019 May 25 13:00

    Seminarraum 2

  3. openSUSE Leap 15.x Kernels: Status Quo
  4. Start Time:
    2019 May 25 15:00

    Saal (Main Hall)

  5. Installing openSUSE only with SaltStack
  6. Start Time:
    2019 May 25 15:00


  7. openSUSE testing - an overview
  8. Start Time:
    2019 May 25 15:30

    Saal (Main Hall)

  9. Open Build Service (OBS) development has increased exponentially
  10. Start Time:
    2019 May 25 16:00


  12. Start Time:
    2019 May 25 16:00

    Seminarraum 2

  13. SUSE Security retrospective for last year
  14. Start Time:
    2019 May 25 16:00

    Saal (Main Hall)

  15. Lighting Beer and Wein (Not Wine) Talks
  16. Start Time:
    2019 May 25 17:00

    Saal (Main Hall)