NAME¶
yubioath - Yubico Authenticator command line interface
SYNOPSIS¶
yubioath [OPTIONS] COMMAND [ARGS]...
DESCRIPTION¶
The Yubico Authenticator is a graphical desktop tool for
generating Open AuTHentication (OATH) event-based HOTP and time-based TOTP
one-time password codes, with the help of a YubiKey that protects the shared
secrets.
OPTIONS¶
yubioath has the following options:
-v, --version
Prints the version of the application and exits.
-h, --help
Shows a list of available sub commands and
arguments.
-R, --remember
Save any password given for a YubiKey to avoid having to
enter it in again.
-r, --reader READER
Name to match smartcard reader against (case
insensitive).
COMMANDS¶
yubioath supports multiple commands, each with its own options, in
addition to the global options:
show [OPTIONS] [QUERY]¶
Display one or more one time codes calculated by the YubiKey.
-s1, --slot1 DIGITS
Calculate and show a one time code from slot 1,
displaying DIGITS number of digits.
-s2, --slot2 DIGITS
Calculate and show a one time code from slot 2,
displaying DIGITS number of digits.
-t, --timestamp TIMESTAMP
Use the user provided TIMESTAMP instead of the system
clock.
-h, --help
Shows additional help for the sub command.
QUERY
A filter string to match credential names against. If
given, only credentials containing the QUERY substring will be displayed. For
HOTP credentials, codes will only be calculated when given a QUERY which
uniquely specifices the credential as to avoid unwanted counter
incrementation.
put [OPTIONS] KEY¶
Load and store a credential into the YubiKey.
-S, --destination DEST
Where DEST is one of:
•0 the main applet (default).
•1 the YubiKey standard slot 1.
•2 the YubiKey standard slot 2.
-N, --name NAME
The name to give the credential. When giving a name with
an issuer, the issuer and name should be separated by a colon:
issuer:name. Not applicable to slot-based credentials.
-A, --oath-type ALGORITHM
OATH algorithm to use. Should be one of totp
(default) and hotp. Not applicable to slot-based credentials.
-D, --digits DIGITS
The number of digits to output when generating codes.
Should be 6 (default) or 8. Not applicable to slot-based
credentials.
-I IMF, --imf IMF
The initial value to store for the counter. Only
applicable for HOTP credential. Not applicable to slot-based
credentials.
-T, --touch
When set, the slot will require the user to press the
button on the YubiKey before calculating a code. Only applicable to
slot-based credentials.
-h, --help
Shows additional help for the sub command.
KEY
Either a base32 encoded key to use as the secret for the
credential, or an
otpauth:// URI containing the parameters of the credential.
When a URI is given the other options are not needed, but can be used to
override parameters in the URI, if needed.
delete NAME¶
Deletes a credential from the main OATH credential storage.
NAME
A filter string that uniquely identifies the credential
to delete.
password SUBCOMMAND [OPTIONS]¶
Manage the access password of the OATH applet.
set
Sets a new password for the YubiKey.
unset
Unsets the current password, so that the YubiKey does not
require a password to be used.
forget
Remove all access keys stored on disk.
-p, --password PASSWORD
Provide the new password for use with the set sub
command as an argument. If not given, the command will prompt the user to
enter a new password while masking input.
-h, --help
Shows additional help for the sub command.
reset [OPTIONS]¶
Factory-reset the OATH applet, unsetting any access password and erasing
all stored credentials.
-f, --force
Do not prompt for confirmation before resetting.
-h, --help
Shows additional help for the sub command.
SEE ALSO¶
yubioath-gui(1)