Python 3.6 (or later) library and command line tool for configuring a YubiKey. If you’re looking for the full graphical application, which also includes the command line tool, it’s here.
For more usage information and examples, see the YubiKey Manager CLI User Manual.
Usage: ykman [OPTIONS] COMMAND [ARGS]... Configure your YubiKey via the command line. Examples: List connected YubiKeys, only output serial number: $ ykman list --serials Show information about YubiKey with serial number 0123456: $ ykman --device 0123456 info Options: -v, --version Show version information about the app -d, --device SERIAL Specify which YubiKey to interact with by serial number. -l, --log-level [DEBUG|INFO|WARNING|ERROR|CRITICAL] Enable logging at given verbosity level. --log-file FILE Write logs to the given FILE instead of standard error; ignored unless --log-level is also set. -r, --reader NAME Use an external smart card reader. Conflicts with --device and list. --diagnose Show diagnostics information useful for troubleshooting. -h, --help Show this message and exit. Commands: info Show general information. list List connected YubiKeys. config Enable/Disable applications. fido Manage the FIDO applications. oath Manage the OATH Application. openpgp Manage the OpenPGP Application. otp Manage the OTP Application. piv Manage the PIV Application.
The --help
argument can also be used to get detailed information about specific
subcommands:
ykman oath --help
YubiKey Manager can be installed independently of platform by using pip (or equivalent):
pip install --user yubikey-manager
On Linux platforms you will need pcscd
installed and running to be able to
communicate with a YubiKey over the SmartCard interface. Additionally, you may
need to set permissions for your user to access YubiKeys via the HID interfaces.
More information available here.
Pre-built packages specific to your platform may be available from Yubico or third parties. Please refer to your platforms native package manager for detailed instructions on how to install, if available.
The command line tool ykman.exe is provided as part of the installer for the YubiKey Manager on Windows.
Packages for MacOS are available from Homebrew and MacPorts.
When running one of the ykman otp
commands you may run into an error such as:
Failed to open device for communication: -536870174
. This indicates a problem
with the permission to access the OTP (keyboard) USB interface.
To access a YubiKey over this interface the application needs the Input
Monitoring
permission. If you are not automatically prompted to grant this
permission, you may have to do so manually. Note that it is the terminal you
are using that needs the permission, not the ykman executable.
To add your terminal application to the Input Monitoring
permission list, go
to System Preferences → Security & Privacy → Privacy → Input Monitoring
to
resolve this.
Packages are available for several Linux distributions by third party package
maintainers.
Yubico also provides packages for Ubuntu in the yubico/stable PPA (for amd64
ONLY, other architectures such as arm should use the general pip
instructions
above instead):
$ sudo apt-add-repository ppa:yubico/stable $ sudo apt update $ sudo apt install yubikey-manager
Althought not being officially supported on this platform, YubiKey Manager can be installed on FreeBSD. It’s available via its ports tree or as pre-built package. Should you opt to install and use YubiKey Manager on this platform, please be aware that it’s NOT maintained by Yubico.
For more information about how to install packages or ports on FreeBSD, please refer to its official documentation: FreeBSD Handbook.
To install from source, see the development instructions.
Experimental shell completion for the command line tool is available, provided
by the underlying CLI library (click
) but it is not enabled by default. To
enable it, run this command once (for Bash):
$ source <(_YKMAN_COMPLETE=bash_source ykman | sudo tee /etc/bash_completion.d/ykman)
More information on shell completion is available here: https://click.palletsprojects.com/en/8.0.x/shell-completion
Note
|
If your version of the Click dependency is older than 8.0 you need to use
source_bash for the variable instead.
|