bensallen/duo_provision_yubikey.sh

## duo_provision_yubikey.sh
#!/bin/bash

# Outputs info in a CSV format that can be pasted into Duo's Hardware Token import
# Sets the second slot to a blank entry as FIPS modes requires both slots to have an access code set

if [ -z "${YUBIKEY_ACCESS_CODE}" ]; then
  echo "Set YUBIKEY_ACCESS_CODE, exiting"
  exit 1
fi

sudo ykman mode otp --force >/dev/null
read -r -p "Reinsert Yubikey and hit enter"

(
  sudo ykman info && \
  sudo ykman otp --access-code "${YUBIKEY_ACCESS_CODE}" chalresp 2 000000000000000000000000000000 --force && \
  sudo ykman otp --access-code "${YUBIKEY_ACCESS_CODE}" yubiotp --generate-key --generate-private-id --serial-public-id --force 1
) | grep -E 'Serial number|private ID|secret key' | cut -f 2 -d: | xargs echo | tr " " ","
	#!/bin/bash

	# Outputs info in a CSV format that can be pasted into Duo's Hardware Token import
	# Sets the second slot to a blank entry as FIPS modes requires both slots to have an access code set

	if [ -z "${YUBIKEY_ACCESS_CODE}" ]; then
	echo "Set YUBIKEY_ACCESS_CODE, exiting"
	exit 1
	fi

	sudo ykman mode otp --force >/dev/null
	read -r -p "Reinsert Yubikey and hit enter"

	(
	sudo ykman info && \
	sudo ykman otp --access-code "${YUBIKEY_ACCESS_CODE}" chalresp 2 000000000000000000000000000000 --force && \
	sudo ykman otp --access-code "${YUBIKEY_ACCESS_CODE}" yubiotp --generate-key --generate-private-id --serial-public-id --force 1
	) \| grep -E 'Serial number\|private ID\|secret key' \| cut -f 2 -d: \| xargs echo \| tr " " ","