[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

2FA key in whonix workstation

I have an Onlykey (similar to a Yubikey) but it also auto types logins, passwords and other security-related output. It works well in other VMs (Debian and Fedora-based) but it does not work in my whonix-ws qube.

I use sys-usb to connect it to various VMs but nothing is output when connect to my whonix-ws VM and attempt to use it within Tor Browser, mousepad or other whonix-ws applications.

The device is recognized as a keyboard by Linux systems. Is there a security setting that prevents unknown keyboards from injecting text into Whonix? Any idea how to get this working?

Thanks.

Not that I could pinpoint.

Unfortunately not.

Seems unlikely to get resolved unless as per Generic Bug Reproduction and might require moderate technical skill to debug.

Comparing System Logs Whonix (broken) and non-Whonix (functional) might help.

@Patrick Thanks for your reply. The problem is identical to topic 11410 where you advised the user to consult with Qubes support. However, Qubes support says it’s a Whonix issue.

For example, when I create a Whonix 16 VM with HVM virtualization and directly connect the USB PCI controller to Whonix, the USB HID device does not output text. The behavior is the same when I use sys-usb and passthrough the HID device to Whonix. USB storage drives mount and operate with no problem. It’s just the USB HID that doesn’t output properly.

It seems that Whonix recognizes the USB device as connected but doesn’t manage it like a HID. Is it possible that Whonix is assuming that it is a block device or some other USB device?

For instance, I know that the .vmx file in VMware needs to be modified with “allowHID” to properly handle keyboard devices via USB.

The device shows up as connected with lsusb and has entries in /sys and /dev. When I compare the output of journalctl -b with my Debian VM (where the HID operates properly), the only significant difference I noticed was that Debian runs “MTP-probe” with a line confirming that the device is not a media device.

Just some thoughts. I have no idea how to fix this and I really need to get this operational with my Whonix workstation. Any chance you could plug a USB keyboard into Whonix (either sys-usb passthrough or with the PCI controller directly connected to Whonix) and see if anything looks suspect?

Thanks for your time and effort.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]