doy / rbw

unofficial bitwarden cli
https://git.tozt.net/rbw

TODO error during login - YubiKey #7

Closed Linuksiarz closed 1 year ago

Linuksiarz commented 4 years ago

Hello! I'm having trouble logging in using a private server (bitwarden_rs) and a YubiKey. After entering the password I'm getting:

$ rbw unlock
rbw unlock: TODO

The same for sync or ls.

Version (AUR rbw-git):

$ rbw --version
rbw 0.4.2

doy commented 4 years ago

yeah, yubikeys are currently not supported. i'd be willing to look over a patch to make this work, but i'm unfortunately pretty unlikely to get to this anytime soon (it'll be a decent amount of work, because as far as i can tell, there aren't really any u2f client libraries for rust yet, and i don't personally use a yubikey for bitwarden). sorry!

ambroisie commented 3 years ago

@doy i assume the situation has not changed much since then?

I would really like being able to use rbw with my 2FA-enabled account.

ivankovnatsky commented 2 years ago

Getting similar issues on darwin m1:

rbw ls
rbw list: TODO

basically on any rbw action it outputs: TODO.

Sorry, I lied, I've got email 2fa, after disabling it, rbw authenticated no problem. Will create a separate issue then.

mweinelt commented 1 year ago

Wondering if https://github.com/kanidm/webauthn-rs is a valid option for getting webauthn support going. It is kinda the successor to U2F and also works directly with phones that have TPM devices.

Firstyear commented 1 year ago

Yep, webauthn-rs would work here.

Keep in mind though, that due to recent changes in webauthn and ctap2, using a yubikey as a "second factor" is no longer really the intent of the spec/standard. These devices are moving to self-contained multifactor, and enforce some behaviours that can confuse users if you try to use them as "single factors" only. We try to guide you away from this in the design of the webauthn-rs api.

But otherwise, yes, webauthn-rs has everything you would need here, and we intend to add support for hmac secret in the future if you need derived keys.

quexten commented 1 year ago

I wrote a prototype PR using webauthn-rs, and it is working (with vaultwarden + yubikey 5c). Still needs clean-up, testing, and integration into the rbw pinentry (currently it expects the pin to be entered via the stdin of the agent), but once complete it solves this issue.