How can I prevent Fedora from mounting my Yubikey?

I’m running Fedora 37. When I plug my Yubikey into my computer some process grabs it, and that prevents me from redirecting the key to a guest system running under KVM/Qemu.

Does anyone know what process is grabbing the key, or how I can prevent that from happening?

Thanks

Assuming you are running Workstation with the default Gnome Control Center (AKA Settings) you should be able to open that up and go to the removable media item then set what you want to happen with media when it is connected.

Thanks for this. It’s a great suggestion, but unfortunately it didn’t work. There isn’t an entry for security keys in the Other Media section of the UI, and checking “Never prompt or start programs on media insertion” didn’t work either.

Also, at the risk of introducing unnecessary complexity, a Solokey, made by a different company, can be forwarded to a guest. I think that’s because a Solokey is a more simple device that only handles FIDO2, while the Yubikey is multiprotocol.

My best guess is that when you insert a Yubikey, Linux latches on to it as if it were a smart card, which is one of things a Yubikey can do that a Solokey can’t.

Try those:

The problem comes from the pcscd daemon, and I’ve found a kludgy solution.

I plug the key in, then stop the pcscd service:

sudo systemctl stop pcscd

Then I can redirect the key to the virtual machine. The service will restart whenever keys are inserted or removed.

1 Like