{"id":20677343,"url":"https://github.com/operatorfoundation/u2f-auth-server-cli","last_synced_at":"2026-06-05T05:31:30.398Z","repository":{"id":76897132,"uuid":"167434830","full_name":"OperatorFoundation/u2f-auth-server-cli","owner":"OperatorFoundation","description":"A command line configuration tool for the U2F authentication plugin for OpenVPN","archived":false,"fork":false,"pushed_at":"2020-12-04T18:29:10.000Z","size":22,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-01-17T14:57:27.919Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OperatorFoundation.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-24T20:44:10.000Z","updated_at":"2020-12-04T18:29:13.000Z","dependencies_parsed_at":null,"dependency_job_id":"a2bd4703-ec09-456c-a0c3-bd4c0b1fb486","html_url":"https://github.com/OperatorFoundation/u2f-auth-server-cli","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OperatorFoundation%2Fu2f-auth-server-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OperatorFoundation%2Fu2f-auth-server-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OperatorFoundation%2Fu2f-auth-server-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OperatorFoundation%
2Fu2f-auth-server-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OperatorFoundation","download_url":"https://codeload.github.com/OperatorFoundation/u2f-auth-server-cli/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242907625,"owners_count":20205048,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T21:15:18.330Z","updated_at":"2025-12-16T04:50:09.253Z","avatar_url":"https://github.com/OperatorFoundation.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# The Operator Foundation\n\n[Operator](https://operatorfoundation.org) makes useable tools to help people around the world with censorship, security, and privacy.\n\n## U2F Authentication for OpenVPN\n\nThis project is part of a suite of tools for adding U2F authentication to OpenVPN.\n\n### u2f-auth-server-cli\n\nThis command line tool is meant to be used in conjunction with the U2F auth server plugin for OpenVPN. 
This tool allows\nserver administrators to manage the configuration file used by the plugin.\n\n#### Installation\n\nBuilding the command line tool requires CMake to be installed.\n\nTo build using CMake:\n\n    cmake .\n    make\n\nThis will build the u2f-server-auth-cli executable.\n\n#### Usage\n\nAdd a user\n\n    ./u2f-server-auth-cli -a username\n\nSet the user's password\n    \n    ./u2f-server-auth-cli -p password username\n\nEnable U2F for the user\n    \n    ./u2f-server-auth-cli -e username\n    \nDisable U2F for the user\n    \n    ./u2f-server-auth-cli -d username\n    \nEnable self-registration for the user\n\n    ./u2f-server-auth-cli -s username\n    \nDisable self-registration for the user\n\n    ./u2f-server-auth-cli -n username\n    \nRegister a key for the user. The key is generated using the u2f-server command line tool.\n    \n    ./u2f-server-auth-cli -g userkeyfilename -k keyhandlefilename username\n\nUnregister the user's key:    \n    \n    ./u2f-server-auth-cli -u username\n\nMake U2F required for the user:\n    \n    ./u2f-server-auth-cli -q username\n    \nMake U2F optional for the user:    \n    \n    ./u2f-server-auth-cli -o username\n\nDelete a user\n\n    ./u2f-server-auth-cli -r username\n\n#### Registering Keys\n\nRegistering keys requires using both the u2f-server and u2f-host tools, which are provided by Yubikey.\n\n#### Generate a challenge\n\nThe first step is to generate a U2F challenge:\n\n    u2f-server -aregister -ohttp://demo.yubico.com -i http://demo.yubico.com -k keyhandle.dat -p userkey.dat\n    \nThe output will be a JSON string, such as this:\n\n    { \"challenge\": \"cOQ-TBjhsbiAss7_hg2LhNNWxqjrRPWoSlThnQD6e2I\",\\ \"version\":\"U2F_V2\", \"appId\": \"http:\\/\\/demo.yubico.com\" }\n    \nThe u2f-server will now await the response.\n    \n#### Generate a response\n\nThe next step is to generate a U2F response on the client:\n\n    u2f-host -aregister -o http://demo.yubico.com\n    \nThis step must be done on the 
client that has the U2F device. Copy and paste the challenge from the previous step into\nthe input of u2f-host. Press Ctrl-D to signal the end of input. On some operating systems, the challenge will be too\nlarge to be pasted at once. In this case, you will need to paste as much as possible, hit Ctrl-D once, paste the rest,\nand then press Ctrl-D twice to signal the end of input.\n\nOnce the JSON has been pasted into the input of u2f-host, the U2F device will require user interaction. For instance, a\nYubikey will flash and await a touch by the user. Once user interaction with the U2F device has completed, u2f-host will\nprint a response, such as this:\n\n    { \"registrationData\": \"BQQcsmA1brUvrNgntjvKrCzUIIN92Y61ee\\\n    DI7xnEVliksvO8l0aVY0HcASqf5dExipOVHTfxYVImZ_M3U4eAjt-OQCt\\\n    h1BOT0gr3HLkLJcid1Ahks8NyjeyfkoLLES-i4Fn650vkgE7jTOnCGiuC\\\n    nZzpkZ2exkwLWhNW2QZA1nAaS4owggIbMIIBBaADAgECAgR1o_Z1MAsGC\\\n    SqGSIb3DQEBCzAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2\\\n    VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDA\\\n    wMDAwMFowKjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTk3\\\n    MzY3OTczMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBmjfkNqa2mXz\\\n    Vh2ZxuES5coCvvENxDMDLmfd-0ACG0Fu7wR4ZTjKd9KAuidySpfona5cs\\\n    GmlM0Te_Zu35h_wwujEjAQMA4GCisGAQQBgsQKAQIEADALBgkqhkiG9w0\\\n    BAQsDggEBAb0tuI0-CzSxBg4cAlyD6UyT4cKyJZGVhWdtPgj_mWepT3Tu\\\n    9jXtdgA5F3jfZtTc2eGxuS-PPvqRAkZd40AXgM8A0YaXPwlT4s0RUTY9Y\\\n    8aAQzQZeAHuZk3lKKd_LUCg5077dzdt90lC5eVTEduj6cOnHEqnOr2Cv7\\\n    5FuiQXX7QkGQxtoD-otgvhZ2Fjk29o7Iy9ik7ewHGXOfoVw_ruGWi0YfX\\\n    BTuqEJ6H666vvMN4BZWHtzhC0k5ceQslB9Xdntky-GQgDqNkkBf32GKwA\\\n    FT9JJrkO2BfsB-wfBrTiHr0AABYNTNKTceA5dtR3UVpI492VUWQbY3YmW\\\n    UUfKTI7fM4wRQIhAJNrBRxUWPwdVWFpuutWd78ESaoZFXvK2yvUzm14cP\\\n    vQAiBFSn-5J6LvJAstgSFLD-1vWXANqrJ7-5yoIqT6fOj9JQ==\", \"cli\\\n    entData\": \"eyAiY2hhbGxlbmdlIjogImNPUS1UQmpoc2JpQXNzN19oZz\\\n    JMaE5OV3hxanJSUFdvU2xUaG5RRDZlMkkiLCAib3JpZ2luIjogImh0dHA\\\n    
6XC9cL2RlbW8ueXViaWNvLmNvbSIsICJ0eXAiOiAibmF2aWdhdG9yLmlk\\\n    LmZpbmlzaEVucm9sbG1lbnQiIH0=\" }\n    \n#### Paste the response into u2f-server\n\nSimilar to the process for putting the challenge into the input of u2f-host, the response should be copied and pasted\ninto the input of the waiting u2f-server. Press Ctrl-D to signal the end of input. On some operating systems, the\nresponse will be too large to be pasted at once. In this case, you will need to paste as much as possible, hit Ctrl-D\nonce, paste the rest, and then press Ctrl-D twice to signal the end of input.\n\n#### Register the key with u2f-server-auth-cli\n\nThe u2f-server command from the first step writes the output from the challenge-response process into the specified\nfiles: keyhandle.dat and userkey.dat.\n\nThe results of this process must now be registered with the u2f-server-auth-cli command line tool as follows:\n\n    ./u2f-server-auth-cli -g userkey.dat -k keyhandle.dat username\n    \nThis completes the process for manually registering a key for a user.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foperatorfoundation%2Fu2f-auth-server-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foperatorfoundation%2Fu2f-auth-server-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foperatorfoundation%2Fu2f-auth-server-cli/lists"}