Tag Archives: OSX

Yubikey: Manual pair a PIV Yubikey with OSX

Every now and then things do not work as intended. For example, when you insert a new Yubikey that has certificates, a PIN and a PUK installed into a slot on your Mac, a pairing dialog should appear. This does not always happen, and in that case we need to do a “manual pairing”.
Here is how:

1. Insert the Yubikey into the Mac
2. Open a terminal
3. Run the sc_auth command below

sc_auth identities

This will output something like this:

SmartCard: com.apple.pivtoken:2B20E9654D142033695ADEC481CFD11EBA45EC00
Unpaired identities:
C28BE4EC86FAAC4B5EFE825947240B2CE03BA4F2       Certificate For PIV Authentication (<username>)

4. Now run the following command to start the pairing process:

sudo sc_auth pair -f -u<username> -hC28BE4EC86FAAC4B5EFE825947240B2CE03BA4F2

<username> – is the username of the identity that you want to pair with your Yubikey
“C28BE4EC86FAAC4B5EFE825947240B2CE03BA4F2” – is the Yubikey hash for the identity above (the CN of the authentication certificate)

The process begins by asking for the Yubikey PIN.

5. If all goes well you should now see a message “Pairing Successful”

You are now ready to use your Yubikey on your Mac

Tested on OSX Catalina 10.15.4 and Yubikey firmware 4.4.5
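
As an added example (not part of the original post), the shell helpers below take the hash for step 4 from the sc_auth identities output instead of copying it by hand, and validate the username and hash before printing the pair command. The function names, the user exampleuser and the "Paired" section of the sample input are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Sample input: the output shown in the post, plus a constructed "Paired"
# section (header wording and hash are assumptions) to show the filtering.
sample_identities() {
    cat <<'EOF'
SmartCard: com.apple.pivtoken:2B20E9654D142033695ADEC481CFD11EBA45EC00
Unpaired identities:
C28BE4EC86FAAC4B5EFE825947240B2CE03BA4F2       Certificate For PIV Authentication (<username>)
Paired identities which are used for authentication:
0123456789ABCDEF0123456789ABCDEF01234567       Certificate For PIV Authentication (<username>)
EOF
}

# Reads `sc_auth identities` output on stdin and prints the 40-hex-digit hash
# of every entry listed under "Unpaired identities:", one per line.
unpaired_hashes() {
    awk '
        # A hash line: print it only while inside the unpaired section.
        $1 ~ /^[0-9A-Fa-f]+$/ && length($1) == 40 {
            if (in_unpaired) print toupper($1)
            next
        }
        # Any other non-empty line is a header that opens or closes the section.
        NF { in_unpaired = ($0 ~ /^Unpaired identities:/) }
    '
}

# Prints (does not run) the pairing command from step 4 for user $1 and
# hash $2. Rejects anything but a plain account name and a 40-digit hex hash,
# so stray characters never reach a sudo command line.
pair_command() {
    user=$1
    hash=$2
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "refusing username: $user" >&2; return 1 ;;
    esac
    case $hash in
        ''|*[!0-9A-Fa-f]*) echo "refusing hash: $hash" >&2; return 1 ;;
    esac
    [ "${#hash}" -eq 40 ] || { echo "hash must be 40 hex digits" >&2; return 1; }
    printf 'sudo sc_auth pair -f -u%s -h%s\n' "$user" "$hash"
}

# Demo on the sample; on a Mac, pipe the real output: sc_auth identities | unpaired_hashes
sample_identities | unpaired_hashes | while read -r h; do
    pair_command exampleuser "$h"
done
```

Review the printed command before running it; the script itself never calls sudo or sc_auth pair.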

Telnet in OSX High Sierra?

Yes, they decided to remove the Telnet client in High Sierra (10.13). So, what to do? I have found 3 solutions that have worked for my machines:

  • Move your old telnet client from /usr/bin on a Sierra machine to /usr/local/bin on your High Sierra machine
  • Install the ‘inetutils’ package from Macports (sudo port install inetutils). This contains a Telnet client, among other utilities
  • Switch to the built-in nc (netcat) client on High Sierra. Netcat seems to be similar to Telnet but I have only done some simple tests like connecting

Find all hosts on network with Nmap

To find all pingable hosts on the network you are currently on, first find your own IP. In Linux/OSX you can run the command ifconfig (Windows uses the ‘ipconfig’ command):

malen@LKGADEFB8:~$ sudo ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1d:7e:ad:ef:b8  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::21d:7eff:fead:efb8/64 Scope:Link
          RX packets:23647854 errors:0 dropped:83 overruns:0 frame:0
          TX packets:31522391 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:320343317 (305.5 MiB)  TX bytes:3340057852 (3.1 GiB)

lo        Link encap:Local Loopback  
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1736 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1736 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:159128 (155.3 KiB)  TX bytes:159128 (155.3 KiB)

Here you see your IP at ‘inet addr’ on eth0: To see if there are any other hosts on the 192.168.0.x net, use:

nmap -v -sP

This will ping all hosts on 192.168.0.x and show the result in a list:

Host appears to be down.
Host appears to be down.
Host appears to be down.
Host appears to be down.
Host appears to be down.
Host Slug ( appears to be up.
Host appears to be down.
Host appears to be down.
Host appears to be down.
Host appears to be down.
Host appears to be down.
Host appears to be down.

Tested on OSX 10.7.4 and Debian Lenny