PIV
Yubico
Bitwarden
GPG Tools
Donate Coffee

3. CLI

This page descriptions additional changes you can make to your Yubikey's PIV module utilizing the ykman CLI (command-line)

Guide includes Windows, Linux, and MacOS.

❊ Quick Access

❊ What Is Ykman?

ykman is the command-line version of the Yubikey Manager which gives the user a huge list of commands that they can use on their Yubikey.

The Yubikey Manager is a great program; however, it greatly lacks a lot of features that ykman provides.

❊ Setup

In order to make the following edits; you will be using a command-line called YKMAN. This command-line tool is included with the installation of the Yubikey Manager.

It usually sits in the same folder as where you have the Yubikey Manager installed.

Windows

C:\Program Files\Yubico\YubiKey Manager\ykman.exe

❊ Locate

To access and use ykman, you need to open up Command Prompt, Terminal or Powershell.

Once in your desired terminal, navigate to the folder with Yubikey Manager installed:

cd "C:\Program Files\Yubico\YubiKey Manager"
where ykman.exe

Once you are in the Yubikey Manager folder, type the following to confirm you have found ykman:

ykman.exe --version

After typing the above command, you should see something similar to the following print:

PS C:\Program Files\Yubico\YubiKey Manager> ykman.exe --version

YubiKey Manager (ykman) version: 4.0.7

❊ Change Retries

The retries counter is the number of times you are allowed to incorrectly type in your PIN or PUK, before the Yubikey locks you out. You may set the numbers below to whatever amount you want:

ykman piv access set-retries 5 3
Value

5

Number of PIN retries

3

Number of PUK retries

Changing the number of retries WILL reset your configured PIN and PUK to factory defaults.

PreviousChangeNext4. Certificates

Last updated