The first thing we need to do is make sure each Yubkikey has CCID mode enabled. This can be quickly checked with lsusb:
$ lsusb -d 1050:
Bus 003 Device 010: ID 1050:0116 Yubico.com Yubikey NEO(-N) OTP+U2F+CCID
This key already has CCID enabled. In fact, most (all) new Yubikeys already
ship this way. If you have one that isn’t, you can set it correctly with
ykpersonalize -m86. See
for more information from Yubico.
And that’s it! There are a bunch of other settings we will want to change on the tokens, but they can all be set after generating keys. Next time, I’ll talk about generating the master key.