Відео

No it is not needed.

Thank you

Glad it was helpful!

The result is the very same, RDP works the same in both w10 and 11 regarding yubi and the location does not matter

@@codewrecks Yes I guess it works on baremetal. Have you tried it on VM host like on XCP-ng where you have to passthrough the Yubikey ?

It does not depend on virtualization system, remote desktop protocol is part of windows and does not care if the machine you are connecting to is on bare metal, hyper-v, ESxI or whathever.

The video is really old, if I had time I'll try to find another image suitable for such a scenario

Glad you like them!

You need to copy the shim private key, but if you create a resident key, you just need your yubikey. You use the command line utility to extract the key. ua-cam.com/video/jYb7l7mbhLM/v-deo.htmlsi=CaecHRQoAMyyGFLi

If you want to let your user log in only on VPN it should be possible, but never tried honestly

Thanks, following official documentation (developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html) the private key should be stored inside the key. … The first file, id_ecdsa_sk, contains a reference to the private key credential stored on the YubiKey. The second file ,id_ecdsa_sk.pub, contains the public key

I do not own an iPhone, so I cannot test, but it should work. On android I had problem with browser different from Chrome in the past, but with Chrome I had no problem. Which service are you trying to use the yubi with?

@@codewrecks I think it's called webauthen. Not the TOTP or passkey. I still use a password and then use the key after entering the password. I know the key is properly added to my accounts because I have no problem with a laptop.

In android I had problems using browsers different from Chrome, but on iPhone official documentation states that it should just work support.apple.com/it-it/102637 . Which service are you using? Google, Microsoft, or it does not work with any service?

I was using wrong version of openssh. After upgrading to latest beta it worked

Have you upgraded to the latest ssh version?

Is on the yubikey.

Sorry, I've updated the description. Here is the link ua-cam.com/video/zQcBIsmwuTw/v-deo.html

Actually you can use your keys on any computer you want. When you first create the SSH key you get a private key (that is only a SHIM key that points to the right physical key). You can copy that private key on any computer you want. You can also create resident key, where you can extract the SHIM key with command line tool. I do not use putty from long time but from official documentation it seems that it has no problem with your yubi: developers.yubico.com/PGP/SSH_authentication/Windows.html

Yes when some site / software is using your YubiKey to perform authentication (not 2nd factor, but using the key as sole factor of authentication) it ask you for the pin. If you got wrong for 8 times credentials inside the key are lost forever.

I’ve not renewed my plus in latest two months, so I didn’t try again

@@codewrecks I figured it out on my side, it was entirely my fault, though something I think many will encounter. If you have a popupblocker or AdBlock, both of those will block the download link from executing. I guess it is just the function being used by GPT triggers the plugins to false flag the file. I've reported it to the popupblocker and AdBlock devs.

Which environment/OS? Honestly never saw this error before.

Windows 10

I want to use yubikey for login in windows but this error is showing!!

Using key to login in Windows 10 is a thing that I never got it right for a computer that is not connected to Azure Active Directory. The reason is that for a local account you can always enter with your password, and I had also problem in configuring in a couple of computer with windows hello :(. Actually I gave up trying to use it to log on my windows 10 .

Thanks, I really got it wrong in the video.

In the repository you should find requirements.txt files that contains all the libraries that needs to be installed.

I did not tried embedding outside english and italian, so I really have no special suggestion. Actually we have embeddings specialized on english and multilingual for everythign else. I suggest starting with some industry standard (openai, cohere, etc) before trying local model. You can estabilish a baseline than you can start using some multilingual one.

Actually I had custom code and some custom prompt to force GPT to have a precise output structure. It was C# code, I asked in the prompt to include a comment with the name of the file in each snippet, then parse output to find all snippet, hope that GPT understood my instruction so I find the name of the file in the first line and so on. It was not perfect and today I really rely on Copilot directly integrated in VS code or the technique in this video if I want it to generate some longer code.

@@codewrecks Given that not everyone has access to Advanced Data Analysis and ChatGPT4 Plus, I would love to see some sample code on how you did it previously if you don't mind to share. May be a github page or something. If not, it's cool.

I did not used it for a long time, it is on one of my github repo, but I really need to test again to verify that it still works :).

If the service does not ask for a password it means that is using the key as second factor of authentication. If the service allow you to login only with the key without requiring the PIN, the service is (in my opinion) using the key in the wrong way. You should have two option Username+password then touch the key (used as 2FA) PIN+Key (FIDO2) But touching the key without requiring keyword pin is not security HAve you tried from an incognito browser tab? (Maybe you are still logged in and the site is asking only the key as 2FA)

@@codewrecks Now, when I check it on the computer, it works properly, first it verifies the pin and then the yubike. But I couldn't verify from the phone (I tried with Google). When I do it from the computer for Binance, it asks for the pin and then the yubike, but only the yubikey is enough on the phone. Is this their problem, right? Also, I installed yubico authenticator instead of authenticator and put a password there. Even if the wrong password is entered repeatedly, nothing happens. Is this normal? So, after a certain number of incorrect entries, there is no reset etc.?

@@slay1_1 If they do not require pin on the phone is their problem (but it seems strange to me because it means that they are only using 2FA part of the key). The password on yubico authenticator is used only to protect the 2FA stored inside the key, but there is not protection against incorrect entries. since it is used only for 2FA there is no need for this kind of protection. (yubico authenticator is the equivalent of google authenticator, with the sole difference that the seeds are inside your yubikey)

@@codewrecks Now I added the yubikey to the tutanota (mail service) phone application and it was added as U2f but it does not ask for my password. I think it doesn't require a password for the phone. Can you check that? Can you check if any phone app requires a password? I made the settings you made, I put a password on the fido side, I put a password on the piv side, but I did not set a password or any settings on the otp side. I made a password from the Yubico authenticator application and the password there works. I think I did something wrong or Yubikey is not working properly for the phone.

When key is used as two factor auth, it does not require the pin. What I suppose is that the application stores your credentials and uses yubikey only as 2FA. Usually all mail app on your phone does not ask credentials every time you open the app, it just stored them securely inside the phone. When you add your yubikey you are adding only the second factor, so it is normal that the pin is not requested. you should try to uninstall completely the app, reinstall again (or install in a new phone) then verify the login procedure. No application can use a FIDO2 credential inside your yubikey without entering the pin.

I do not use binance so I do not know how they are using the key. Basically if the key is used as FIDO2 SINGLE source of auth, it should ask you the pin. Combination of KEY+PIN is enough to login. What you need is configure the key only as Second factor of authentication (but since I do not know binance, I do not know if it is possible and how to do it.)

You will create agent for tasks, then it is GPT (or the LLM you want to use) that analyze the question of the user, looks at which agent it can use, and device a plan to solve user question. This lead to: a single user question will generate a unique plan. Plan is generated by LLM looking at the question of the user and the agent it can use.

​@@codewrecks@codewrecks Thank you. I saw this in a few videos later, but thanks for clarifying. What would be super interesting is if you could record a video on how to save plans and call them later, especially if it is possible to have LLM pickup from pre-saved plans So, in your example, you have a plan for transcribing a video, if you have a plan that drafts an email on a specific topic and sends it via a plug-in. It would be amazing to see how to offer those plans to LLM so it can pickup depending on what user asks Thanks

​@@James_PET Plan are not meant to be saved, because they are based on user question. What you can do is create agents that aggregate other agents. I'll explain You have three agents: extract audio, extract text from audio, summarize timeline. Now if you ask "Can you summarize video XYZ.mp4" the agent will interrogate the LLM and based on three agents devise a plan. But you can do this: Create a fourth agent, call it "Summarize Video", and internally simply call the three previous agent (or the functions that the agents call). Now that agent is actually a plan agent that is capable of doing what you requested. I did not examined the possibility to save a plan directly, it could be interesting if a user want to save it. In this situation the scenario is User ask "Can you summarize video XYZ.mp4?" He/she got a plan in return, the plan is good and it press save. Give the plan a name and a description. Then the software should add that plan as agent to the list of available agents.

I do not have an iPhone so I can't be sure, sorry

Absolutely

Thanks for reply. Greetings from Puerto Rico!

Apple adapters from usb-A to lightning does not transfer data so yubikey nano does not work :(. This is the problem with proprietary ports like lightning. Luckily enough we should have USB-C for all device now.

I usually work with SSH keys so it is a whole different technique :)

@@codewrecks thanks but ai already found a way by installing GCM on my linux machine. It works the same except for the ui

If you have only one key you are correct, if you have more than one key you can use yubikey with keepass. Using the key for keepass does not require pin, because it is just another layer of security over the standard password

Yes, absolutely

Great! Thank you for taking your time to answer 👍

Can you share the whole yaml configuration file?

Yes, GPG PIN is a different pin

Password manager where you keep pin and puk must be not protected with the yubi. Also I wrote them and store in my house

@@codewrecks does that mean that you have two passwort managers?

Yes, I have a keepass archive protected with yubikey, that is the important one. Then I have bitwarden with pin/puk and some less important stuff protected with a long password and Yubikey. I have 4 yubikey configured, so I'm pretty sure I'll not be cut off.

@@codewrecks lol that's a bit too much for my taste

@@Golden2Talon Yeah you are probably right :D :D. But I have some credentials that are for customers VPN / Account where I'd like to have maximum security, and I'd like not to mix with other credentials that are everyday usage (like the shop where I buy food for pets) That allows me to choose settings for argon2 in keepass that makes the archive more secure, but virtually very difficult to open on a device :).

That is the reason why you need at least two keys so you can remove passwords and be sure you will not be locked out

Thanks a lot for your kindly words.

IMHO: 2 is minimum number that I'd like to have. 3 is better, but you can easily live with 2.

Actually the application does not have a password, this is mainly because no operation is present to extract keys or other sensitive information. All you can do is reset the key or setting the pin the first time.

My bad, it is indeed 8 tentatives, with a different warning approaching 8