yubioath\-cli(1) =============== :doctype: manpage :man source: yubioath-cli :man manual: Yubico Authenticator Manual == Name yubioath-cli - Yubico Authenticator command line interface == Synopsis *yubioath-cli* [-h] _command_ == Description The Yubico Authenticator is a graphical desktop tool for generating Open AuTHentication (OATH) event-based HOTP and time-based TOTP one-time password codes, with the help of a YubiKey that protects the shared secrets. == Options yubioath-cli has the following options: *-h, --help*:: Shows a list of available sub commands and arguments. *-R, --remember*:: Save any password given for a YubiKey to avoid having to enter it in again. *-r, --reader READER*:: Name to match smartcard reader against (case insensitive). == Commands yubioath-cli supports multiple commands, each with its own options, in addition to the global options: === *yubioath-cli show* [OPTIONS] [QUERY] Display one or more one time codes calculated by the YubiKey. *-s1, --slot1 DIGITS*:: Calculate and show a one time code from slot 1, displaying DIGITS number of digits. *-s2, --slot2 DIGITS*:: Calculate and show a one time code from slot 2, displaying DIGITS number of digits. *-t, --timestamp TIMESTAMP*:: Use the user provided TIMESTAMP instead of the system clock. *QUERY*:: A filter string to match credential names agains. If given, only credentials containing the QUERY substring will be displayed. For HOTP credentials, codes will only be calculated when given a QUERY which uniquely specifices the credential as to avoid unwanted counter incrementation. === *yubioath-cli put* [OPTIONS] KEY Load and store a credential into the YubiKey. *-S, --destination DEST*:: Where DEST is one of: - *0* the main applet (default). - *1* the YubiKey standard slot 1. - *2* the YubiKey standard slot 2. *-N, --name NAME*:: The name to give the credential. When giving a name with an issuer, the issuer and name should be separated by a colon: _issuer:name_. Not applicable to slot-based credentials. *-A, --oath-type ALGORITHM*:: OATH algorithm to use. Should be one of *totp* (default) and *hotp*. Not applicable to slot-based credentials. *-D, --digits DIGITS*:: The number of digits to output when generating codes. Should be *6* or *8*. Not applicable to slot-based credentials. *-I IMF, --imf IMF*:: The initial value to store for the counter. Only applicable for HOTP credential. Not applicable to slot-based credentials. *-T, --touch*:: When set, the slot will require the user to press the button on the YubiKey before calculating a code. *Only* applicable to slot-based credentials. *KEY*:: Either a base32 encoded key to use as the secret for the credential, or an otpauth:// URI containing the parameters of the credential. When a URI is given the other options are not needed, but can be used to override parameters in the URI, if needed. === *yubioath-cli delete* NAME Deletes a credential from the main OATH credential storage. *NAME*:: A filter string that uniquely identifies the credential to delete. === *yubioath-cli password* [OPTIONS] Manage the access password of the OATH applet. *-S, --set*:: Sets a new password for the YubiKey. *-U, --unset*:: Unsets the current password, so that the YubiKey does not require a password to be used. *-F, --forget*:: Remove all access keys stored on disk. *-P, --password PASSWORD*:: Provide the new password for use with *--set* as an argument. If not given, the command will prompt the user to enter a new password while masking input. === *yubioath-cli reset* [OPTIONS] Factory-reset the OATH applet, unsetting any access password and erasing all stored credentials. *-f, --force*:: Do not prompt for confirmation before resetting. == Bugs Report bugs in the issue tracker (https://github.com/Yubico/yubioath-desktop/issues) == See also *yubioath*(1)