OATH Commands
Acronyms and their definitions are listed at the bottom of the Base Commands page.
ykman oath [OPTIONS] COMMAND [ARGS]…
Description: | Manage OATH application. |
---|
Examples
- Generate codes for accounts starting with
yubi
:
$ ykman oath accounts code yubi
- Add an account, with the secret key
f5up4ub3dw
and the nameyubico
, that requires touch:
$ ykman oath accounts add yubico f5up4ub3dw --touch
- Set a password for the OATH application:
$ ykman oath access change-password
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
Commands
Command | Description |
---|---|
access |
Manage password protection for OATH. |
accounts |
Manage and use OATH accounts. |
info |
Display general status of OATH application. |
reset |
Reset all OATH data. |
ykman oath access [OPTIONS] COMMAND [ARGS]…
Description: | Manage password protection for OATH. |
---|
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
Commands
Command | Description |
---|---|
change |
Change the password used to protect OATH accounts. |
forget |
Remove a stored password from this computer. |
remember |
Store the YubiKey password on this computer to avoid
having to enter it on each use.
|
ykman oath access change [OPTIONS]
Description: | Change the password used to protect OATH accounts. Allows you to set or change a password that is required to access the OATH accounts stored on the YubiKey. |
---|
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-c, --clear |
Clear the current password. |
-n, --new-password TEXT |
Provide a new password as an argument. |
-p, --password TEXT |
Provide a password to unlock the YubiKey. |
ykman oath access forget [OPTIONS]
Description: | Remove a stored password from this computer. |
---|
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-a, --all |
Remove all stored passwords. |
ykman oath access remember [OPTIONS]
Description: | Store the YubiKey password on this computer to avoid having to enter it on each use. |
---|
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-p, --password TEXT |
Provide a password to unlock the YubiKey. |
ykman oath accounts [OPTIONS] COMMAND [ARGS]…
Description: | Manage and use OATH accounts. |
---|
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
Commands
Command | Description |
---|---|
add |
Add a new account. |
code |
Generate codes. |
delete |
Delete an account. |
list |
List all accounts. |
rename |
Rename an account (Requires YubiKey 5.3 or later). |
uri |
Add a new account from an otpauth:// URI. |
ykman oath accounts add [OPTIONS] NAME [SECRET]
Description: | Add a new account. This adds a new OATH account to the YubiKey. |
---|
Arguments
Argument | Description |
---|---|
NAME |
Provide a name for this account. |
SECRET |
Optional. |
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-a, --algorithm [SHA1|SHA256|SHA512] |
Algorithm to use for code
generation.[default: SHA1]
|
-c, --counter INTEGER |
Initial counter value for HOTP accounts. |
-d, --digits [6|7|8] |
Number of digits in generated code.
[default: 6]
|
-f, --force |
Confirm the action without prompting. |
-i, --issuer TEXT |
Issuer of the account. |
o, --oath-type [[HOTP|TOTP] |
Time-based (TOTP) or counter-based (HOTP)
account. [default: 32]
|
-p, --password TEXT |
Provide a password to unlock the YubiKey. |
-p, --period INTEGER |
Number of seconds a TOTP code is
valid. [default: 30]
|
-r, --remember |
Remember the password on this machine. |
-t, --touch |
Require touch on YubiKey to generate
code.
|
ykman oath accounts code [OPTIONS] [QUERY]
Description: | Generate codes. Generate codes from OATH accounts stored on the YubiKey. Accounts of type HOTP or those that require touch, also require a single match to be triggered. |
---|
Arguments
Argument | Description |
---|---|
QUERY |
Provide a query string to match one or more specific accounts. |
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-H, --show-hidden |
Include hidden accounts. |
-p, --password TEXT |
Provide a password to unlock the YubiKey. |
-r, --remember |
Remember the password on this machine. |
-s, --single |
Ensure only a single match, and output only
the code.
|
ykman oath accounts delete [OPTIONS] QUERY
Description: | Delete an account. Delete an account from the YubiKey. Provide a query string to match the account to delete. |
---|
Arguments
Argument | Description |
---|---|
QUERY |
Provide a query string to match one or more specific accounts. |
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-f, --force |
Confirm deletion without prompting |
-p, --password TEXT |
Provide a password to unlock the YubiKey. |
-r, --remember |
Remember the password on this machine. |
ykman oath accounts list [OPTIONS]
Description: | List all accounts. List all accounts stored on the YubiKey. |
---|
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-H, --show-hidden |
Include hidden accounts. |
-o, --oath-type |
Display the OATH type. |
-p, --password TEXT |
Provide a password to unlock the YubiKey. |
-p, --period |
Display the period. |
-r, --remember |
Remember the password on this machine. |
ykman oath accounts rename [OPTIONS] QUERY NAME
Description: | Rename an account (Requires YubiKey 5.3 or later). |
---|
Arguments
Argument | Description |
---|---|
QUERY |
A query to match a single account (as shown in list ). |
NAME |
The name of the account (use
<issuer>:<name> tospecify the issuer).
|
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-f, --force |
Confirm rename without prompting. |
-p, --password TEXT |
Provide a password to unlock the YubiKey. |
-r, --remember |
Remember the password on this machine. |
ykman oath accounts uri [OPTIONS] URI
Description: | Add a new account from an otpauth:// URI. Use a URI to add a new account to the YubiKey. |
---|
Arguments
Argument | Description |
---|---|
URI |
Specify URI path for account. |
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-f, --force |
Confirm the action without prompting. |
-p, --password TEXT |
Provide a password to unlock the YubiKey. |
-r, --remember |
Remember the password on this machine. |
-t, --touch |
Require touch on YubiKey to generate code. |
ykman oath info [OPTIONS]
Description: | Display status of OATH application. |
---|
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
ykman oath reset [OPTIONS]
Description: | Reset all OATH data. This action deletes all accounts and restores factory settings for the OATH application on the YubiKey. |
---|
Options
Option | Description |
---|---|
-h, --help |
Show this message and exit. |
-f, --force |
Confirm the action without prompting. |
To get in touch with Yubico Support, go to https://support.yubico.com/hc/en-us/requests/new.
To get in touch with Yubico Support, click here.