Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3140
Views
2
Helpful
5
Replies

Unable to get Yubikey 4 to work with Duo

Go to solution
rjohnston3
Level 1
Level 1

‎09-29-2017 05:11 PM

We just purchased a batch of Yubikey 4s and I am unable to get mine to work with Duo. I’m following YubiKeys | Duo Security. It works on the Yubico website if I upload the config to Yubico. I’ve regenerated a half-dozen times or more with no luck.

I even tried configuring as 6-digit HOTP and it didn’t work. In 6-digit HOTP mode I noticed it emits lots more than 6 digits (I believe it is sending the public and/or private identifier before the 6-digit code). I had it put three codes into my text editor, stripped all but the last 6 digits from them and successfully resynced the token, so it looks like it works for anything but logging in. (I tried the 6 digit trick for logging in, too - no luck).

I can’t tell if the Yubikey OTP mode generates too many characters - I don’t know what Duo is expecting.

Any ideas?

Thanks!

…Ralph

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rjohnston3
Level 1
Level 1

‎10-04-2017 12:20 PM

It turns out that the issue was that I was using the Duo Admin Panel to test. When I created an RDP Duo application, it worked just fine. I can see now that there are very few choices for 2FA for admins.

Thanks!

…Ralph

View solution in original post

5 Replies 5

Go to solution
Dooley
Level 3
Level 3

‎10-04-2017 11:07 AM

Hi Ralph, this sounds like the Yubikeys may not have been added correctly in the Duo Admin Panel. If you are still not able to get them working after removing them and following the /docs page again, please contact our Support Team.

0 Helpful

Go to solution
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Level 1
Level 1

‎10-04-2017 11:32 AM

Remember you have to rewrite to the YubiKey after you regenerate it. That tripped me up a couple times.

I used this YouTube video and was successful in getting mine setup:

tim

Go to solution
rjohnston3
Level 1
Level 1

‎10-04-2017 12:20 PM

It turns out that the issue was that I was using the Duo Admin Panel to test. When I created an RDP Duo application, it worked just fine. I can see now that there are very few choices for 2FA for admins.

Thanks!

…Ralph

Go to solution
Dooley
Level 3
Level 3
In response to rjohnston3

‎10-04-2017 12:42 PM

Ah, gotcha. Thanks for letting us know about the solution! And we’re looking to expand admin login functionality in the future, but no ETA was can share at this time.

0 Helpful

Go to solution
Matthew_Cuttler
Level 1
Level 1
In response to rjohnston3

‎10-04-2017 01:24 PM

Once you have a working Yubikey imported into the admin console, an administrator can go in to the ‘Administrators’ tab in the admin console and associate a Yubikey with an user. Afterwards that user can log in to the admin console with ‘enter a code’ by pressing the YubiKey.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents