How to disable a Yubikey on Linux

February 18, 2016

This might be a nice little trick for those of you that are using Yubikey Nanos on Linux with X.

If you're anything like me, you accidentally activate your Yubikey about 10 times per day. Usually in Hipchat rooms.

I started looking for a solution to this and stumbled upon a neat little OS X project called Yubiswitch that allows you to enable/disable your Yubikey from the menu bar.

After not finding anything that seemed to work on Linux, I came up with a little script using xinput to disable the Yubikey.

At first, I tried using xinput float and xinput reattach but didn't feel like finding the master ID to reattach to.

First, find the ID of your Yubikey USB device

YUBIKEY_ID=$(xinput --list | grep Yubico | perl -lane 'print m/id=(\d+)/g')

Then, use the ID to disable the device

xinput set-int-prop $YUBIKEY_ID "Device Enabled" 8 0

Finally, you can re-enable it with

xinput set-int-prop $YUBIKEY_ID "Device Enabled" 8 1

I've combined this into a little script that I put in my $PATH. It will enable the Yubikey for 5 seconds and then disable it.

To get the initial disabled state I threw the disable command in my .xinitrc. That may be redundant though if X persists these settings, but I'm not sure.

Ignore the terrible regex matching with perl.

#!/bin/bash
YUBIKEY_ID=$(xinput --list | grep Yubico | perl -lane 'print m/id=(\d+)/g')

xinput set-int-prop $YUBIKEY_ID "Device Enabled" 8 1
sleep 5
xinput set-int-prop $YUBIKEY_ID "Device Enabled" 8 0

Hope this helps someone!