Show HN: yknotify – Notify when YubiKey needs touch on macOS
14 comments
·February 12, 2025
throitallaway
Interesting project, but I can't say I've ever wondered whether or not it's time to touch my Yubikey. Authenticating with a token is a very intentful process.
noperator
I've found that when I'm cloning submoduled private repos via YK-backed SSH key, I'll need to touch multiple times but there's not always text in the terminal notifying me to do so. Easy to miss the small flashing green light.
gtirloni
Is it possible to add it to ssh-agent once?
wkat4242
I have because I use it for a ton of stuff. Password manager, sudo locally, ssh logins, sudo remotely, openpgp decrypt etc.
It happens sometimes that I forget that's what it's waiting for. I'm no longer on Mac though. I have KDE. I don't always see the key flashing either because sometimes it's buried under the mess on my desk (I know...)
It's a bit annoying that YubiKeys don't just trigger a HID event or something; as far as I understand, the only way to tell is by looking for some obscure log entries.
likeabatterycar
Yubikey is an event-based token. You tap it with explicit intent. If you aren't expecting to tap it, then the fail safe is you don't. It works that way by design.
You can't use a screwdriver handle as a hammer then complain it doesn't work to your expectations.
noperator
I just like to be notified when I need to tap something with explicit intent.
immibis
Shouldn't you only touch your YubiKey when you've just done something that you know requires you to touch your YubiKey? Otherwise, you're just authenticating anything that asks, including the virus.
WhyNotHugo
For Linux, see: https://github.com/maximbaz/yubikey-touch-detector
philsnow
I only wanted to say I appreciate the F-clef in your shell prompt:
𝄢 yknotify
{"ts":"2025-02-12T20:09:03Z","type":"FIDO2"}
{"ts":"2025-02-12T20:09:14Z","type":"OpenPGP"}
pimlottc
Must be a bass shell user
wutwutwat
sweet, I can't wait to download something that will scan my system's logs looking for specific security signals, and then take action when it sees certain ones!
/s
Joking aside, as others have said, I've never been shocked to learn something was waiting for my touch because it's always a thing I've initiated and am usually saying "cmon cmon" while waiting for the key to become ready _for_ me to touch it.
If you want to write a program that notifies my yubikey that a human is waiting for it to light up so they can touch it, then we'll be talking :)
Interesting. I haven’t had this problem, because every time I need to touch the yubikey macOS pops a giant fucking dialog that requires 2-3 clicks before it lets me tap it.