My main question is how to create an additional key (instructions: Yubikey Two-factor Authentication Full-disk Encryption via LUKS) to use if I lose the key. Should I create an additional new code on a new YubiKey and add it to another slot, or can it be done differently?

The question is how to set up the second YubiKey device for this tutorial. Should I do the same thing again but choose another LUKS slot, and then both devices will be able to unlock the system?

byggy

1 Answer

Based on this YubiKey support article:

For security, the firmware on the YubiKey does not allow for secrets to be read from the device after they have been written to the device. Therefore you cannot duplicate or back up a YubiKey or Security Key. For this reason, we recommend having a backup device and registering both with your accounts so that if one is lost or broken you can use the other to log in. [...]

LUKS-based FDE supports multiple key slots so, rather than clone a YubiKey, it would be better to register two with your devices and ensure that one key does not leave a locked location unless being registered to another device or replacing a lost device.

matigo
  • This I know, but the question is how to set up the second YubiKey device for this tutorial. Should I do the same thing again but choose another LUKS slot, and then both devices will be able to unlock the system? – byggy Mar 17 '23 at 08:03
  • The original question was unclear. To answer the more specific question that you've recently written: Yes. – matigo Mar 17 '23 at 08:39
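
Before enrolling the backup YubiKey into "another LUKS slot" as discussed above, it helps to confirm which slots are already occupied so the existing passphrase or first key is not overwritten. The following is an added example, not part of the original posts or the tutorial: the function names and the sample dumps are constructed for illustration, and `/dev/sdXN` is a placeholder.

```shell
#!/bin/sh
# Added example; the sample dumps below are constructed and abridged.

# used_slots: read `cryptsetup luksDump` output on stdin, print occupied slot numbers.
used_slots() {
    awk '
        /^Key Slot [0-9]+: ENABLED/ { sub(":", "", $3); print $3; next }  # LUKS1 format
        /^Keyslots:/ { in_ks = 1; next }   # LUKS2: keyslot section starts
        /^[A-Za-z]/  { in_ks = 0 }         # next heading ends it, so Digests entries are ignored
        in_ks && /^[ \t]+[0-9]+: / { sub(":", "", $1); print $1 }
    '
}

# first_free_slot MAX: print the lowest slot in 0..MAX-1 not listed on stdin.
# MAX is 8 for LUKS1 headers and 32 for LUKS2 headers.
first_free_slot() {
    max=$1
    used=" $(tr '\n' ' ') "
    i=0
    while [ "$i" -lt "$max" ]; do
        case "$used" in
            *" $i "*) ;;                    # occupied, keep looking
            *) echo "$i"; return 0 ;;
        esac
        i=$((i + 1))
    done
    return 1                                # every slot is occupied
}

sample_luks2_dump() {
cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
  1: luks2
        Key:        512 bits
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

sample_luks1_dump() {
cat <<'EOF'
Version:        1
Key Slot 0: ENABLED
Key Slot 1: DISABLED
Key Slot 7: ENABLED
EOF
}
# Live use: sudo cryptsetup luksDump /dev/sdXN | used_slots | first_free_slot 32
```

Run `used_slots` again after enrolling the second key and check that the chosen slot now appears in the list before locking the backup key away.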