You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cached: a touch is not needed if the YubiKey had been touched in the last 15 seconds, otherwise a touch is needed
Only suggesting as I ended up in this situation
Generated a key using yubikey-agent
Deployed it to a bunch of servers
Discovered that when doing a set of git actions that connect to GitHub 3 or 4 times, the always touch policy that the key was generated with requires touching the yubikey 4 times in a row to make 4 connections
It's very possible though that choosing the always touch policy is intentional and there's a good security story for this choice in which case feel free to disregard my suggestion.
The text was updated successfully, but these errors were encountered:
gene1wood
added a commit
to gene1wood/yubikey-agent
that referenced
this issue
Dec 3, 2023
This will change the key that's generated when running `yubikey-agent -setup` to a key
with a touch policy of "cached". This will mean that "a touch is not needed if the YubiKey had been touched in the last 15 seconds, otherwise a touch is needed"
FixesFiloSottile#146
Would it make sense to have the
-setup
argument default to using thecached
touch policy instead of thealways
policy?https://github.com/FiloSottile/yubikey-agent/blob/2e5376c5ec006250c12c1b6de65fa91de9afe687/setup.go#L143C20-L143C37
Only suggesting as I ended up in this situation
yubikey-agent
git
actions that connect to GitHub 3 or 4 times, thealways
touch policy that the key was generated with requires touching the yubikey 4 times in a row to make 4 connectionsIt's very possible though that choosing the
always
touch policy is intentional and there's a good security story for this choice in which case feel free to disregard my suggestion.The text was updated successfully, but these errors were encountered: