⭕3. CLI
This page descriptions additional changes you can make to your Yubikey's PIV module utilizing the ykman CLI (command-line)
At this part of the guide, you should have learned what your PIV PIN, PUK, and Management Keys are. You should have also learned how to change them. If you haven't, please go back to the beginning of this guide on the 
INTERFACE page.
❊ Quick Access
❊ What Is Ykman?
ykman is the command-line version of the Yubikey Manager which gives the user a huge list of commands that they can use on their Yubikey.
The Yubikey Manager is a great program; however, it greatly lacks a lot of features that ykman provides.
❊ Setup
In order to make the following edits; you will be using a command-line called YKMAN. This command-line tool is included with the installation of the Yubikey Manager.
It usually sits in the same folder as where you have the Yubikey Manager installed.
Windows
C:\Program Files\Yubico\YubiKey Manager\ykman.exe
If you haven't already installed the Yubikey Manager, please visit the install / download page here.
❊ Locate
To access and use ykman, you need to open up Command Prompt, Terminal or Powershell.
Once in your desired terminal, navigate to the folder with Yubikey Manager installed:
cd "C:\Program Files\Yubico\YubiKey Manager"where ykman.exeOnce you are in the Yubikey Manager folder, type the following to confirm you have found ykman:
ykman.exe --versionAfter typing the above command, you should see something similar to the following print:
PS C:\Program Files\Yubico\YubiKey Manager> ykman.exe --version
YubiKey Manager (ykman) version: 4.0.7❊ Change Retries
The retries counter is the number of times you are allowed to incorrectly type in your PIN or PUK, before the Yubikey locks you out. You may set the numbers below to whatever amount you want:
ykman piv access set-retries 5 35
Number of PIN retries
3
Number of PUK retries
Changing the number of retries WILL reset your configured PIN and PUK to factory defaults.
Last updated
Was this helpful?