Provisioning YubiKeys in Bulk / from Remote Workstations
If you do not have direct physical console access to your domain, or if you want to program a large number of keys efficiently in one sitting, then you can use the following process.
From AuthLite.com/downloads, install the "YubiKey Programmer" standalone program on your workstation.
- Launch it from the Start Menu item called "AuthLite Key Programmer"
Configure slot #1 for "AuthLite OTP" and slot #2 to "AuthLite Challenge/Response". More information on how AuthLite uses YubiKeys.
If you are using shorter public IDs than the default, specify the number of bytes on this page as well.
Random public IDs can be used if you have a large number of ID bytes. If you are using very short IDs, you should NOT randomly-generate them because you will end up with collisions (more than one key programmed with the same ID, which will cause an import error).
Go to the Choose Ports tab. Plug in a YubiKey to identify which USB port will be used during this programming session. (Note: Due to Windows slow USB enumeration, there doesn't turn out to be much speed advantage to using many ports at once.)
When ready, click “Start Programming”, and each time you plug in a YubiKey it will be programmed.
Remove the YubiKey when the status reads “DONE (remove key)”. Do not click “Finish” at this point, if you have more keys to program.
You can continue to plug in new keys and program them. When finished with all keys, click the “Finish” button.
Save the resulting XML file.
Note: This file should be considered sensitive information, as it contains all the secret values programmed into the keys. Treat this with the same security measures you would use for a password list or other secure document.