yubioath man page

yubioath — Yubico Authenticator command line interface

Synopsis

yubioath [Options] COMMAND [ARGS]...

Description

The Yubico Authenticator is a graphical desktop tool for generating Open AuTHentication (OATH) event-based HOTP and time-based TOTP one-time password codes, with the help of a YubiKey that protects the shared secrets.

Options

yubioath has the following options:

-v, --version
Prints the version of the application and exits.
-h, --help
Shows a list of available sub commands and arguments.
-R, --remember
Save any password given for a YubiKey to avoid having to enter it in again.
-r, --reader READER
Name to match smartcard reader against (case insensitive).

Commands

yubioath supports multiple commands, each with its own options, in addition to the global options:

show [OPTIONS] [QUERY]

Display one or more one time codes calculated by the YubiKey.

-s1, --slot1 DIGITS

Calculate and show a one time code from slot 1, displaying DIGITS number of digits.

-s2, --slot2 DIGITS

Calculate and show a one time code from slot 2, displaying DIGITS number of digits.

-t, --timestamp TIMESTAMP

Use the user provided TIMESTAMP instead of the system clock.

-h, --help

Shows additional help for the sub command.

QUERY

A filter string to match credential names against. If given, only credentials containing the QUERY substring will be displayed. For HOTP credentials, codes will only be calculated when given a QUERY which uniquely specifices the credential as to avoid unwanted counter incrementation.

put [OPTIONS] KEY

Load and store a credential into the YubiKey.

-S, --destination DEST

Where DEST is one of:

· 0 the main applet (default).

· 1 the YubiKey standard slot 1.

· 2 the YubiKey standard slot 2.

-N, --name NAME

The name to give the credential. When giving a name with an issuer, the issuer and name should be separated by a colon: issuer:name. Not applicable to slot-based credentials.

-A, --oath-type ALGORITHM

OATH algorithm to use. Should be one of totp (default) and hotp. Not applicable to slot-based credentials.

-D, --digits DIGITS

The number of digits to output when generating codes. Should be 6 (default) or 8. Not applicable to slot-based credentials.

-I IMF, --imf IMF

The initial value to store for the counter. Only applicable for HOTP credential. Not applicable to slot-based credentials.

-T, --touch

When set, the slot will require the user to press the button on the YubiKey before calculating a code. Only applicable to slot-based credentials.

-h, --help

Shows additional help for the sub command.

KEY

Either a base32 encoded key to use as the secret for the credential, or an otpauth:// URI containing the parameters of the credential. When a URI is given the other options are not needed, but can be used to override parameters in the URI, if needed.

delete NAME

Deletes a credential from the main OATH credential storage.

NAME

A filter string that uniquely identifies the credential to delete.

password SUBCOMMAND [OPTIONS]

Manage the access password of the OATH applet.

set

Sets a new password for the YubiKey.

unset

Unsets the current password, so that the YubiKey does not require a password to be used.

forget

Remove all access keys stored on disk.

-p, --password PASSWORD

Provide the new password for use with the set sub command as an argument. If not given, the command will prompt the user to enter a new password while masking input.

-h, --help

Shows additional help for the sub command.

reset [OPTIONS]

Factory-reset the OATH applet, unsetting any access password and erasing
all stored credentials.

-f, --force

Do not prompt for confirmation before resetting.

-h, --help

Shows additional help for the sub command.

Bugs

Report bugs in the issue tracker (https://github.com/Yubico/yubioath-desk…)

See Also

yubioath-gui(1)

Referenced By

yubioath-gui(1).

06/13/2016 yubioath Yubico Authenticator Manual