Hacker News

> iTerm2 has a feature called Triggers, which can execute actions based on text matching a regex in your terminal. So we could write a regex to listen for “Yubikey for” and have it run the same script, eliminating the need to press buttons altogether.

Don't do this.

Actually seriously, don't do most of this.

The fact that your computer cannot induce the yubikey to provide its key material (or evidence of the key material) is where it gets "security" from in the first place. As soon as someone can convince your computer to do something there's an increased chance they can get it to do something else.

Some suggestions:

- Wire the F14 key up separately to "the finger" (and not to wifi)

- Use a yubikey simulator[1]. If your sysadmin won't trust you with the key material inside the yubikey so you can use a simulator, they definitely won't trust you to emulate the simulator with the finger either.

[1]: https://github.com/sstelfox/yubikey-simulator



> Before we go any further, I’d like to acknowledge the reasons for this. If a remote attacker were to compromise your laptop, being able to trigger the YubiKey from software on the computer defeats the whole point of using the YubiKey.



