Yubico Security Keys

Robert Ames robertames at hotmail.com
Wed Sep 5 18:34:45 UTC 2018 

On Wed, Sep 05, 2018 at 01:00:20PM +0930, O'Connor, Daniel wrote:
> > On 5 Sep 2018, at 12:43, Robert Ames <robertames at hotmail.com> wrote:
> >>> On 5 Sep 2018, at 08:33, Robert Ames <robertames at hotmail.com> wrote:
> >>> FreeBSD sees the device:
> >>>
> >>> Sep  4 17:25:13 freebsd kernel: ugen1.4: <Yubico Security Key by Yubico> at usbus1
> >>> Sep  4 17:25:13 freebsd kernel: uhid0 on uhub4
> >>> Sep  4 17:25:13 freebsd kernel: uhid0: <Yubico Security Key by Yubico, class 0/0, rev 2.00/5.02, addr 4> on usbus1
> >>>
> >>> So should this just work out of the box or is there something I'm
> >>> missing?   
> >>
> >> Hi Robert,
> >> I don't have any Yubikeys but have you tried checking the permissions of /dev/uhid0* and /dev/ugen1.4 (which will be a symlink to usb/1.4.0) ?
> >> You can chmod them for now and then if that works have a devd conf or devfs rule which sets the permissions appropriately when the device is connected.
> >>
> >> If permissions are the problem it would be nice to see if the error message can be improved too :)
> >>
> >> --
> >> Daniel O'Connor
> >
> > I had done a manual chmod 777 /dev/usb/1.4.0 but had overlooked /dev/uhid0.
> > Once I did a chmod 777 on that it worked.  Thank you.  Any suggestions on the
> > best way to add a devd conf or devfs rule for this thing?
>
> Add this to /etc/devfs.conf..
> [root=100]
> add path 'uhid*' group users mode 660
>
> (Assuming your user is in the 'users' group - adjust to taste, devfs(8) has the details)
>
> And this to /etc/rc.conf..
> devfs_system_ruleset="root"
>
> Then do..
> sudo service devfs restart
>
> And unplug/replug the key.
>
> --
> Daniel O'Connor
 
Yes, that works (using /etc/devfs.rules).  Thanks.  I also got it to work
using /etc/devd.conf
 
# Yubico Security Key
attach 100 {
        match "vendor" "0x1050";
        match "product" "0x0120";
        device-name "uhid[0-9]+";
        action "/usr/sbin/chown robert /dev/$device-name";
};
 
running "usbconfig dump_device_desc" to get the vendor and product ids.
I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0.  Not sure which is
the more correct way to do this.  But they both work.

So things now work great on the Yubico demo site.  Sadly I cannot get it
to work in Google.  Google doesn't respond when I press the gold disc
during the registration process.

More information about the freebsd-stable mailing list