Hi All,
I am very new to Qubes, and getting on quite well so far. But I am now stuck on try setup my Yubikey’s. I need to use my Yubikey, for use with the Yubico 2FA app, some website logins, for use with Keepass, and also eventually for qubes login authentication. I have been searching for a week, and still can’t find an explanation of how to do this. I don’t want to just try every blog post that I see, as I don’t want to mess up my qubes installation. Can anyone point me in the right direction?
Thanks
Avienda
1 Like
Thanks for the reply, but it failed at the first hurdle
[UserOne@dom0 ~]$ sudo qubes-dom0-update qubes-ctap-dom0
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time…
Qubes OS Repository for Dom0 2.9 MB/s | 3.0 kB 00:00
No match for argument: qubes-ctap-dom0
Error: Unable to find a match: qubes-ctap-dom0
Any thoughts??
Which version of Qubes OS are you using @AviendaGarcia ?
This is my version
[UserOne@dom0 ~]$ cat /etc/qubes-release
Qubes release 4.1 (R4.1)
I have just seen that there is release 4.2 now, the install that I have came with my new Purism Laptop. I have not installed much, do you think that its worth updating to 4.2??
I guess for Qubes OS 4.1 the package has the old name qubes-u2f-dom0 and maybe it’s better to follow old guide:
qubes-doc/user/security-in-qubes/u2f-proxy.md at b6450f7aa0b74dc9ef90248d1d9f41abc6ce4a78 · QubesOS/qubes-doc · GitHub
But I’m not sure.
It’s better to upgrade to the current stable version Qubes OS 4.2, the Qubes OS 4.1 will be EOL on 2024-06-18:
Supported releases | Qubes OS
How to upgrade to Qubes 4.2 | Qubes OS
Thanks, I will try updating qubes first then have another go at getting the Yubikey working
This is very much why I asked, I thought I remembered some packages and docs changing names recently.
And FWIW that would be what I’d do as well: updating Qubes OS, then following the most recent guides. 
Hi,
Sorry for late response to my issue, I only work on this new laptop on Saturdays. So I have upgraded to Qubes release 4.2.1 (R4.2).
I then tried to ctap install, and this is the response. It couldn’t update something, and it says that I already have a version of ctap installed for fedora 37, but during the 4.2.1 upgrade my fedora version is now 39.
Should it update the ctap module to a fedora version 39, can it be used as it is?
below is the terminal output
sudo qubes-dom0-update qubes-ctap-dom0
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time…
Unable to detect release version (use ‘–releasever’ to specify release version)
Fedora 37 - x86_64 8.6 MB/s | 70 MB 00:08
Fedora 37 - x86_64 - Updates 1.6 MB/s | 43 MB 00:26
Qubes Host Repository (updates) 634 kB/s | 2.0 MB 00:03
Last metadata expiration check: 0:00:02 ago on Sat Apr 27 12:55:09 2024.
Package qubes-ctap-dom0-2.0.5-1.fc37.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
No packages downloaded
Qubes OS Repository for Dom0 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository ‘qubes-dom0-cached’:
- Curl error (37): Couldn’t read a file:// file for file:///var/lib/qubes/updates/repodata/repomd.xml [Couldn’t open file /var/lib/qubes/updates/repodata/repomd.xml]
Error: Failed to download metadata for repo ‘qubes-dom0-cached’: Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: qubes-dom0-cached
Package qubes-ctap-dom0-2.0.5-1.fc37.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
You can use it as it is.
You’ve installed ctap in dom0 and it’s based on fedora-37 in Qubes OS 4.2. Only your TemplateVM is fedora-39.
Ah I see thanks very much, do you happen to know how to install the yubico app?
I never used Yubikey so I don’t know.
You can search this forum for info about it.
But in general you can download the app installer from their website and install Yubico Authenticator in your yubikey TemplateVM as in any other Linux and then create AppVM from this template to use the app in AppVM.
FYI, I got the yubico app running in its own vm, then you can just attach the yubikey to it using the device manager and then it works fine