Yubikey sudo. 3. Yubikey sudo

 
 3Yubikey sudo ) you will need to compile a kernel with the correct drivers, I think

This section covers how to require the YubiKey when using the sudo command, which should be used as a test so that you do not lock yourself out of your computer. Insert YubiKey into the client device using USB/Type-C/NFC port. d/sudo file by commenting out @include common-auth and added this line auth required pam_u2f. Starting with Chrome version 39, you will be able to use the YubiKey NEO or YubiKey NEO-n in U2F+HID mode. Security policy Activity. sudo make install installs the project. Click update settings. pkcs11-tool --login --test. # install YubiKey related libraries $ sudo apt install yubikey-manager yubico-piv-tool # install pkcs11 SSL Engine and p11tool $ sudo apt install libengine-pkcs11-openssl gnutls-bin Now, we will reset YubiKey PIV slot and import the private key and certificate. but with TWO YubiKey's registered. The only method for now is using sudoers with NOPASSWD but in my point of view, it's not perfect. YubiKeyがピコピコ光って、触ると sudo が通って test がechoされるのを確認します。さらに別ターミナルを開いて、今度はYubiKeyを抜いて sudo echo test と打ち、パスワード入力が促されるのを確認します。 以上2つの確認が通れば sudo の設定は大丈夫そうです. But all implementations of YubiKey two-factor employ the same user interaction. The Yubico Authenticator tool lets you generate OATH one-time password codes with your YubiKey. When everything is set up we will have Apache running on the default port (80), serving the. Add your first key. Config PAM for SSH. Disconnected it and then mounted sdcard in different device and found /var/log/syslog consumed disk space with vino-server messages. Open YubiKey Manager. Following the decryption, we would sometimes leave the YubiKey plugged into the machine. so Test sudo. $ mkdir -p ~/. If sudo add-apt-repository ppa:yubico/stable fails to fetch the signing key, you can add it manually by running sudo apt-key adv --keyserver keyserver. bash. Make sure Yubico config directory exist: mkdir ~/. d/system-auth and added the line as described in the. Today, the technical specifications are hosted by the open-authentication industry consortium known as the FIDO Alliance. The client SSHs into the remote server, plugs his/her Yubikey into his/her own machine (not the sever) and types “sudo ls”. Configure your key (s) A YubiKey is a small USB and NFC based device, a so called hardware security token, with modules for many security related use-cases. “The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols [1] developed by the FIDO Alliance. Local Authentication Using Challenge Response. sudo apt-add-repository ppa:yubico/stable sudo apt update sudo apt install scdaemon yubikey-manager libpam-yubico libpam-u2f libu2f-udev; Change the pin to the Fido applicationYubikey 4 OTP+U2F+CCID (1050:0407) not working after attachment to WSL #139. Once installed, you can import the key to slot 9a on your YubiKey using: ykman piv keys import 9a ~/. It provides a cryptographically secure channel over an unsecured network. sudo. Install the U2F module to provide U2F support in Chrome. The package cannot be modified as it requires sudo privileges, but all attempts result in rm: cannot remove ‘/etc/pam. This is the official PPA, open a terminal and run. ”. Hi guys, I've recently setup sudo to require the press of my YubiKey as 2FA via pam_u2f. This includes sudo, su, ssh, screen lockers, display managers, and nearly every other instance where a Linux system needs to authenticate a user. 451 views. so Test sudo. The YubiKey is a small hardware authentication device, created by Yubico, that supports a wide range of authentication protocols. A YubiKey has at least 2 “slots” for keys, depending on the model. 1-Bit Blog How to use Yubikey with WSL2 via USB passthrough (or how I compiled my first custom Linux kernel) October 07, 2022. config/Yubico # do not commit this directory to a dotfiles repo or anything like that pamu2fcfg > ~/. Vault Authentication with YubiKey. g. For the other interface (smartcard, etc. Tagged : common-auth u2f / kubuntu / Yubikey 2fa / yubikey kubuntu. with 3 Yubikey tokens: Let's install the yubikey-manager (and dependency pcscd) and make sure you can connect to the YubiKey: $ sudo apt update $ sudo apt install -y yubikey-manager $ ykman info Device type: YubiKey 5 NFC Serial number: 13910388 Firmware version: 5. The Tutorial shows you Step-by-Step How to Install YubiKey Manager CLI Tool and GUI in Mint LTS GNU/Linux Desktop. Fix expected in selinux-policy-3. Then enter a new Yubikey challenge passphrase, twice, then finally you will need to enter the backup passphrase one last time. Yubico PAM module. sudo systemctl restart sshd Test the YubiKey. Generate the u2f file using pamu2fcfg > ~/. To generate new. Users love the authentication experience and convenient form factor, driving Code Enigma to expand the YubiKey implementation to their ticketing and code management systems as well. E: check the Arch wiki on fprintd. d/sudo. We have a machine that uses a YubiKey to decrypt its hard drive on boot. This will configure the security key to require a PIN or other user authentication whenever you use this SSH key. It however wont work for initial login. Unfortunately, for Reasons™ I’m still using. dmg file) and drag OpenSCTokenApp to your Applications. And reload the SSH daemon (e. For the PIN and PUK you'll need to provide your own values (6-8 digits). The protocol was initially developed by Yubico, Google and NXP and is nowadays hosted as an open-standard by the FIDO Alliance. so cue; To save and exit :wq! Note that cue on the end of the added line displays a prompt in the terminal when it's time to press the button on your Yubikey. Specify the URL template to use, this is set by calling yubikey_client_set_url_template, which defaults to: or. Run: sudo nano /etc/pam. 170 [ben@centos-yubikey-test ~]$ Bonus:. d/sudo and add this line before auth. Nextcloud Server - A safe home for all your data. P. openpgp. 2. Reboot you’re machine and it will prompt you for your YubiKey and allow you to unlock your LUKS encrypted root patition with it. Now that you have tested the. yubikey-manager/focal 5. But you can also configure all the other Yubikey features like FIDO and OTP. config/Yubico/u2f_keys. I register two YubiKey's to my Google account as this is the proper way to do things. Retrieve the public key id: > gpg --list-public-keys. In the web form that opens, fill in your email address. I then followed these instructions to try get the AppImage to work (. Consider setting up a YubiKey on an Ubuntu system using the HMAC-SHA1 challenge-response function. Additionally, you may need to set permissions for your user to access YubiKeys via the. If this doesn't work for you, Yubico in the post Using a YubiKey with USB-C Adapters acknowledges that some adapters are just incompatible with its hardware. It’ll get you public keys from keys. In such a deployment, the YubiKey can be used as an authentication device for accessing domain accounts on both platforms, without requiring additional hardware for each. Create an authorization mapping file for your user. Set to true, to grant sudo privileges with Yubico Challenge Response authentication. Inside instance sudo service udev restart, then sudo udevadm control --reload. Before you proceed, it’s a good idea to open a second terminal window and run “sudo -s” in that terminal to get a root shell in case anything goes wrong. Run `gpg2 --card-status` (if set up as a hardware token for GPG keys) Actual results: "systemctl status" journal logs: Jul 02 08:42:30 sgallaghp50. <username>:<YubiKey token ID> where username is the name of user who is going to authorize with YubiKey, and YubiKey token ID is a user's YubiKey token identification, e. I've tried using pam_yubico instead and. Visit yubico. WSL2 Yubikey Setup Guide. For ykman version 3. Complete the captcha and press ‘Upload AES key’. app — to find and use yubikey-agent. Now when I run sudo I simply have to tap my Yubikey to authenticate. 0. Using SSH, I can't access sudo because I can't satisfy the U2F second factor. socket To restart the bundled pcscd: sudo snap restart yubioath-desktop. From within WSL2. It contains data from multiple sources, including heuristics, and manually curated data. Overview. Steps to Reproduce. The Yubikey Manager is a CLI tool for mainly managing your PIV = Personal Identity Verification storage, where you can store certificates and private keys. 6. Edit the. It can store up to 32 OATH event-based HOTP and time-based TOTP credentials on the device itself, which makes it easy to use across multiple computers. Now that you verified the downloaded file, it is time to install it. There’s a workaround, though, to set a quirks mode for the key, as follows:Manual setup and technical details. Select Add Account. This applies to: Pre-built packages from platform package managers. yubioath-desktop/focal 5. Using SSH, I can't access sudo because I can't satisfy the U2F second factor. This guide will show you how to install it on Ubuntu 22. Next to the menu item "Use two-factor authentication," click Edit. To use your yubikey as a user login or for sudo access you'll have to install a PAM (Pluggable Authentication Module) for your yubikey. I can still list and see the Yubikey there (although its serial does not show up). socket Last login: Tue Jun 22 16:20:37 2021 from 81. Packages are available for several Linux distributions by third party package maintainers. Take the output and paste it to GitHub settings -> SSH and GPG Keys -> New SSH Key. For ykman version 3. Yubico also provides packages for Ubuntu in the yubico/stable PPA: sudo apt-add. I've recently setup sudo to require the press of my YubiKey as 2FA via pam_u2f. com> ESTABLISH SSH CONNECTION. Since you are using a higher security (2FA) mechanism to unlock the drive, there is no need for this challenge. 1 Answer. The YubiKey 5 Series supports most modern and legacy authentication standards. The purpose of the PIN is to unlock the Security Key so it can perform its role. The Yubikey stores the private key I use to sign the code I write 1 and some of the e-mails I send. Enable pcscd (the system smart card daemon) bash. , sudo service sshd reload). If you have several Yubikey tokens for one user, add YubiKey token ID of the other. For example: sudo apt update Set up the YubiKey for GDM (the desktop login. If you have a QR code, make sure the QR code is visible on the screen and select the Scan QR Code button. It is very straight forward. The PAM config file for ssh is located at /etc/pam. Install GnuPG + YubiKey Tools sudo apt update sudo apt -y upgrade sudo apt -y install wget gnupg2 gnupg-agent dirmngr cryptsetup scdaemon pcscd secure-delete hopenpgp-tools yubikey-personalization Check GPG installation with your YubiKey. I've recently obtained a YubiKey 5 NFC, which seems to be working fine when prompted for a u2f token (both on Firefox and Chromium) but in order to use it in OTP mode, I need to run the applications with sudo. sudo apt install -y yubikey-manager yubikey-personalization # some common packages # Insert the yubikey ykman info # your key should be recognized # Device type: YubiKey 5 NFC # Serial number: # Firmware version: # Form factor: # Enabled USB interfaces: OTP+FIDO+CCID # NFC interface is enabled. YubiKey. I’d like to use the new macOS app Secretive, which stores SSH keys in the Secure Enclave on newer MacBooks and requires Touch ID to authenticate. I know I could use the static password option, but I'm using that for something else already. We will override the default authentication flow for the xlock lock manager to allow logins with Yubikey. Since it's a PAM module, probably yes. Under "Security Keys," you’ll find the option called "Add Key. Yubikey challenge-response mode for SUDO; FIDO U2F authentication; Yubikey for SSH authentication; Prerequisites. sudo systemctl stop pcscd sudo systemctl stop pcscd. Run sudo modprobe vhci-hcd to load the necessary drivers. If it is there, it may show up as YubiKey [OTP+FIDO+CCID] <access denied> and ykman will fail to access it. e. share. For the HID interface, see #90. It can be used in intramfs stage during boot process as well as on running system. For sudo you can increase the password time so you don't need it every 30 seconds and you can adjust your lock screen similarly while still allowing the screen to sleep. Open the sudo config file for PAM in an editor: sudo nano /etc/pam. d/sudo. d/sudo’: Permission denied and attemps to escalate to sudo result in sudo: PAM authentication error: Module is unknown. 69. d/sudo Underneath the line: @include common-auth Add: auth required pam_u2f. This section covers how to require the YubiKey when using the sudo command, which should be done as a test so that you do not lock yourself out of your. g. Instead of having to remember and enter passphrases to unlock. ykpersonalize -v-2-ochal-resp-ochal-hmac-ohmac-lt64-ochal-btn-trig-oserial-api-visible #add -ochal-btn-trig to require button press. YubiKey. con, in particular I modified the following options. In the password prompt, enter the password for the user account listed in the User Name field and click Pair. type pamu2fcfg > ~/. Add the yubikey. sudo editor /etc/ssh/authorized_yubikeys Fill it with the username followed by a colon and the first 12 characters of the OTP of the yubikey. I bought a YubiKey 5 NFC. 5-linux. sudo apt install yubikey-manager -y. Run: sudo nano /etc/pam. NOTE: Open an additional root terminal: sudo su. Log back into Windows, open a WSL console and enter ssh-add -l - you should see nothing. sudo add-apt-repository ppa:yubico/stable && sudo apt-get update Just download and run the official AppImage. yubikey-agent is a seamless ssh-agent for YubiKeys. " appears. The server asks for the password, and returns “authentication failed”. g. Refer to the third party provider for installation instructions. A new release of selinux-policy for Fedora 18 will be out soon. Like other inexpensive U2F devices, the private keys are not stored, instead they are symmetrically encrypted (with an internal key) and returned as the key handle. 152. When using the key for establishing a SSH connection however, there is no message about requiring to touch the key like on the Github blog Security keys are now supported for SSH Git. Plug in YubiKey, enter the same command to display the ssh key. sudo apt-add-repository ppa:yubico/stable. No more reaching for your phone. I can confirm that the @bisko workaround of configuring Karabiner-Elements to not modify events from the yubikey solves the USB error: kIOReturnExclusiveAccess problem on sierra (10. If you need to troubleshoot this set-up, first plug in the YubiKey and use opensc-tool --list-readers to verify that the OpenSC layer sees the YubiKey. find the line that contains: auth include system-auth. d/user containing user ALL=(ALL) ALL. a device that is able to generate a origin specific public/private key pair and returns a key handle and a public key to the caller. Unplug YubiKey, disconnect or reboot. 10+, Debian bullseye+): Run ykman openpgp set-touch aut cached. It’ll prompt you for the password you. Add users to the /etc/sudoers configuration file to allow them to use the sudo command. My first idea was to generate a RSA key pair, store private key on YubiKey and public key in my application. Install GUI personalization utility for Yubikey OTP tokens. socket To. To do this you must install the yubikey packages, configure a challenge-response slot on the Yubikey, and then configure the necessary PAM modules. Reloading udev with sudo udevadm trigger or even restarting the Windows (host) computer doesn't result in working : (. If you don’t have your YubiKey, it will give the following prompt: Security token not present for unlocking volume root (nvme0n1p3_crypt), please plug it in. Click OK. Yubikey not recognized unless using sudo. The last step is to setup gpg-agent instead of ssh-agent. Require Yubikey to be pressed when using sudo, su. GIT commit signing. That is all that a key is. d/sudo had lines beginning with "auth". sudo apt-get install yubikey-personalization sudo apt-get install libpam-yubico Configure yubikey and passphrase. Now if everything went right when you remove your Yubikey. sudo apt-get install libpam-u2f. The correct equivalent is /etc/pam. The python library yubikey-manager is needed to communicate with the YubiKey, and may be installed from pip or other package managers. Any feedback is. Execute GUI personalization utility. Planning is being done to enable yubikeys as a second factor in web applications and the like, but is not yet in place. At home, this is easy - my PC dual-boots into an Ubuntu environment I use for writing code. ubuntu. Stars. After this you can login in to SSH in the regular way: $ ssh user@server. Ensure that you are running Google Chrome version 38 or later. All 3 work when I want to sudo something in the terminal, but only the most recent configured key works for login. Plug-in yubikey and type: mkdir ~/. This document explains how to configure a Yubikey for SSH authentication Prerequisites Install Yubikey Personalization Tool and Smart Card Daemon kali@kali:~$ sudo apt install -y yubikey-personalization scdaemon Detect Yubikey First, you’ll need to ensure that your system is fully up-to-date: kali@kali:~$ pcsc_scan Scanning present readers. Yubikey -> pcscd -> scdaemon -> gpg-agent -> gpg commandline tool and other clients. Once the Yubikey admin pin code entered, the secret encryption key is in the Yubikey. You can do SSH pubkey authentication with this, without the key ever being available to the host OS. You will be presented with a form to fill in the information into the application. Customize the Yubikey with gpg. 1. Click on Add Account. 100% Upvoted. Updating Packages: $ sudo apt update. find the line that contains: auth include system-auth. Download the latest release of OpenSCToken. and so interchangeable, is that correct? It all appears to be pretty far from being plug and play, often seeming to require a lot of additional software/modules to get specific things working. " Now the moment of truth: the actual inserting of the key. SSH generally works fine when connection to a server thats only using a password or only a key file. No, you don't need yubikey manager to start using the yubikey. Lock your Mac when pulling off the Yubikey. Works with YubiKey; Secure remote workers with YubiEnterprise Delivery. sudo apt install gnupg pcscd scdaemon. Here's another angle. Run: mkdir -p ~/. and add all user accounts which people might use to this group. The ykman tool can generate a new management key for you. You can always edit the key and. 3-1. In many cases, it is not necessary to configure your. Sorted by: 5. Registered: 2009-05-09. Once you have verified this works for login, screensaver, sudo, etc. Add the line in bold after the mentioned line: @include common-auth auth required pam_u2f. Its main use is to provide multifactor authentication (MFA) when connecting to various websites that support it. For YubiKeys, especially older ones without FIDO2/U2F support, see the previous post titled “How to use a YubiKey with Fedora Linux“. Disable “Activities Overview Hot Corner” in Top Bar. On the next page, you’ll get two values: an client id and a secret key that look something like this: Client ID: 12345 Secret Key: 29384=hr2wCsdl. Authenticate against Git server via GPG & Signing git commits with GPG. This package aims to provide: Use GUI utility. For building on linux pkg-config is used to find these dependencies. Primarily, I use TouchID for sudo authentication on OSX, but I also tend to be connected to a CalDigit TS3 Plus dock and external monitors with my laptop lid closed. This allows apps started from outside your terminal — like the GUI Git client, Fork. If you have a Yubikey, the initial configuration process is as follows: Install the ykman program and any necessary utilities. This applet is a simpler alternative to GPG for managing asymmetric keys on a YubiKey. such as sudo, su, and passwd. sudo apt -y install python3-pip python3-pyscard pip3 install PyOpenSSL pip3 install yubikey-manager sudo service pcscd start. Checking type and firmware version. Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized USB or NFC devices based on similar security technology found in smart cards. Select the Yubikey picture on the top right. Login as a normal non-root user. Click Applications, then OTP. config/yubico. Confirm libu2f-udev is already installed: sudo apt install libu2f-udev. First, you need to enter the password for the YubiKey and confirm. 1PowerShell IfyouareusingPowerShellyoumayneedtoeitherprefixanampersandtoruntheexecutable,oryoucanusetwo I register two YubiKey's to my Google account as this is the proper way to do things. Try to use the sudo command with and without the Yubikey connected. you should not be able to login, even with the correct password. It may prompt for the auxiliary file the first time. The default deployment config can be tuned with the following variables. SCCM Script – Create and Run SCCM Script. Thousands of companies and millions of end-users use YubiKey to simplify and secure logins to computers, internet services, and mobile apps. Generate the keypair on your Yubikey. rsa will work like before, so you don't need to change your workflow if you just want to try out using GnuPG for SSH authentication. sudo systemctl stop pcscd sudo systemctl stop pcscd. Here is how to set up passwordless authentication with a Yubikey: sudo apt install libpam-u2f mkdir ~/. Like a password manager in a usb like a yubikey in a way. 2. config/Yubico/u2f_keys Then sudo -s will work as expected, it will print "Please touch the dev. socket To. Smart card support can also be implemented in a command line scenario. This guide covers how to secure a local Linux login using the U2F feature on YubiKeys and Security Keys. Code: Select all. Help center. Under Long Touch (Slot 2), click Configure. ssh/id_ecdsa_sk Generating public/private ecdsa-sk key pair. This applet is a simpler alternative to GPG for managing asymmetric keys on a YubiKey. noarch. Before using the Yubikey, check that the warranty tape has not been broken. d/sudo; Add the following line above the “auth include system-auth” line. What I want is to be able to touch a Yubikey instead of typing in my password. service 🔐 Please enter security token PIN: Sep 30 18:02:34 viki systemd [1]: Starting. On other systems I've done this on, /etc/pam. . 04 and show some initial configuration to get started. On Pop_OS! those lines start with "session". 14. myprompt {~}$ ansible all -i hosts --sudo --ask-sudo-pass -m shell -a "/usr/bin/whoami" -vvv -f 10 -t log/ Using /Users/me/. 04/20. because if you only have one YubiKey and it gets lost, you are basically screwed. As such, I wanted to get this Yubikey working. pamu2fcfg > ~/. $ sudo apt update && sudo apt install -y gnupg2 gnupg-agent scdaemon pcscd $ gpg --card-status The last command should go without any errors (if you have public keys for that YubiKey). 9. Using Non-Yubikey Tokens. Bear in mind, setting an absolute path here is possible although very likely a fragile setup, and probably not exhibiting the intended. Lastpass). Swipe your YubiKey to unlock the database. It simplifies and improves 2FA. The biggest differences to the original file is the use of the dm-tool (for locking the screen with lightdm) and the search term Yubico, since the Yubikey Neo is registered with „Yubico. workstation-wg. Make sure the service has support for security keys. sh. Launching OpenSCTokenApp shows an empty application and registers the token driver. ~~ WARNING ~~ Never execute sudo apt upgrade. pkcs11-tool --list-slots. This package is an alternative to Paul Tagliamonte's go-ykpiv, a wrapper for YubiKey's ykpiv. 1. To generate a key, simply put in your email address, and focus your cursor in the “YubiKey OTP” field and tap your Yubikey. If you lose a YubiKey, you can restore your keys from the backup. xml file with the same name as the KeePass database. Add the repository for the Yubico Software. And the procedure of logging into accounts is faster and more convenient. Workaround 1. Open the OTP application within YubiKey Manager, under the " Applications " tab. Configure USB. rs is an unofficial list of Rust/Cargo crates, created by kornelski. A note: Secretive. Step 2: Generating PGP Keys. Protect remote workers; Protect your Microsoft ecosystem; Go. I'm wondering if I can use my Yubikey 4 to authenticate when using sudo on Linux instead of typing my password. sh and place it where you specified in the 20-yubikey. This tool can configure a Yubico OTP credential, a static password, a challenge-response credential or an OATH HOTP credential in both of these slots. Underneath the line: @include common-auth. d/sudo. Hi, does anyone know if there is a way to configure Yubikey 5 with sudo as 1FA asking for the PIN of the key instead of the user password? I have already tried to configure it in the following ways:Some clients has access to SSH but none of them with sudo access, of course. 注意 FIDO 的 PIN 有重试上限,连续三次出错之后必须拔出设备重新插入,连续八次出错之后 FIDO 功能会被锁定!Intro. Note: In my opinion, you don't need to buy 2 YubiKeys if you back up your keys carefully. This is the official PPA, open a terminal and run. Now, I can use command sudo, unlock the screen, and log in (only after logging out) with just my Yubikey. If that happens choose the . sudo is one of the most dangerous commands in the Linux environment. sudo dnf install -y yubikey-manager # some common packages # Insert the yubikey ykman info # your key should be recognized # Device type: YubiKey 5 NFC # Serial number: # Firmware version: 5. config/Yubico/u2f_keys When your Yubikey starts flashing just touch the metal part. if you want to require ONLY the yubikey to unlock your screen: open the file back up with your text editor. Update KeepassXC 2. I have the same "Failed to connect" issue on macOS Catalina, ykman 3. I feel something like this can be done. This means that web services can now easily offer their users strong authentication with a choice of authenticators such as security keys or. Hello, Keys: Yubikey 5 NFC and 5c FIPS Background I recently moved to MacOS as my daily computer after years of using Linux (mainly Fedora). 1 Answer. View license Security policy. Step. Add the line below above the account required pam_opendirectory. sudo wg-quick up wg0 And the wg1 interface like this: sudo wg-quick up wg1 If your gpg-agent doesn't have the PGP key for your password store in its cache, when you start one of those interfaces, you'll be prompted for the PGP key's passphrase -- or if you've moved the PGP key to a YubiKey, you'll be prompted to touch your YubiKey. S. 0 or higher of libykpers. Optionally add -ochal-btn-trig and the device will require a button touch; this is hardly a security improvement if you leave your YubiKey plugged in. hide. This will generate a random otp of length 38 inside slot 2 (long touch)! 3 posts • Page 1 of 1. NOTE: T he secret key should be same as the one copied in step #3 above. . However, this approach does not work: C:Program Files. Using the ykpasswd tool you can add delete yubikey entries from the database (default: /etc/yubikey). A YubiKey have two slots (Short Touch and Long Touch), which may both.