I would like to get a file from a remote system. Normally i would just scp user@computername/filename . .
However, my ssh key is on a yubikey (going through gpg) so i need to use that for the server to recognize me.
I have found documentation about using a yubikey to login to the qubes console, but nothing about using a yubikey inside a appvm (like, for example, the appvm running the ssh client).
Could I get some direction as to the general attack path one should use for this? For example, can the yubikey be connected to dom0 and forwarded to a VM like the block devices can be? or would the yubikey need to be brought through a sys-usb vm? (tangential point: for some reason the sys-usb vm does not seem to work for me when i try to move the usb devices to it).
you probably have a sys-usb VM running.
Attach your yubikey to the destination appVM like a regular block device, probably using the device widget. (make sure you installed the relevant software in the appVM template).
You can look at the appVM as a regular debian install or fedora install, so you can look for help in the manufacturer page (directed at debian or fedora)
if you have any issues with sys-usb, create a post describing what you have. Somebody here will help you.
Qubes can be a little harsh on you in the beginning. But do not give up. It will pay in the end.
i ran the sys-usb VM and somehow got my keyboard to work though that! however the yubikey did not show up in lsusb. Also the keyboard would drop keystrokes now and then.
I changed the pci devices running to sys-usb to be just pci device “02:00.0”. when i run sys-usb the pci device seems to show up inside sys-usb using lspci, but does not show the yubikey. However I also noticed that it does not seem to be showing the “root hub” for that pci device.
looks like this may be a “general usb” issue and not a yubikey issue. should I be posting this as a separate post?
