Date: Thu, 6 Sep 2018 13:48:10 +0200 From: Niclas Zeising <zeising+freebsd@daemonic.se> To: Robert Ames <robertames@hotmail.com>, "O'Connor, Daniel" <darius@dons.net.au> Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: Re: Yubico Security Keys Message-ID: <5a1e0391-86b6-070c-24db-18529f379bc6@daemonic.se> In-Reply-To: <SN6PR08MB5070E1CE5B15417592DD0895C9020@SN6PR08MB5070.namprd08.prod.outlook.com> References: <SN6PR08MB50700E8EAFDEDA7646671E6EC9030@SN6PR08MB5070.namprd08.prod.outlook.com> <1AEEDB86-DF6B-433B-A413-452F105D9A53@dons.net.au> <SN6PR08MB5070379187FA4800E9B1537EC9020@SN6PR08MB5070.namprd08.prod.outlook.com> <7DA3F074-12CF-43C4-A514-19651112EE42@dons.net.au> <SN6PR08MB5070E1CE5B15417592DD0895C9020@SN6PR08MB5070.namprd08.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09/05/18 20:34, Robert Ames wrote: > On Wed, Sep 05, 2018 at 01:00:20PM +0930, O'Connor, Daniel wrote: >>> On 5 Sep 2018, at 12:43, Robert Ames <robertames@hotmail.com> wrote: >>>>> On 5 Sep 2018, at 08:33, Robert Ames <robertames@hotmail.com> wrote: >>>>> FreeBSD sees the device: >>>>> >>>>> Sep 4 17:25:13 freebsd kernel: ugen1.4: <Yubico Security Key by Yubico> at usbus1 >>>>> Sep 4 17:25:13 freebsd kernel: uhid0 on uhub4 >>>>> Sep 4 17:25:13 freebsd kernel: uhid0: <Yubico Security Key by Yubico, class 0/0, rev 2.00/5.02, addr 4> on usbus1 >>>>> >>>>> So should this just work out of the box or is there something I'm >>>>> missing? >>>> >>>> Hi Robert, >>>> I don't have any Yubikeys but have you tried checking the permissions of /dev/uhid0* and /dev/ugen1.4 (which will be a symlink to usb/1.4.0) ? >>>> You can chmod them for now and then if that works have a devd conf or devfs rule which sets the permissions appropriately when the device is connected. >>>> >>>> If permissions are the problem it would be nice to see if the error message can be improved too :) >>>> >>>> -- >>>> Daniel O'Connor >>> >>> I had done a manual chmod 777 /dev/usb/1.4.0 but had overlooked /dev/uhid0. >>> Once I did a chmod 777 on that it worked. Thank you. Any suggestions on the >>> best way to add a devd conf or devfs rule for this thing? >> >> Add this to /etc/devfs.conf.. >> [root=100] >> add path 'uhid*' group users mode 660 >> >> (Assuming your user is in the 'users' group - adjust to taste, devfs(8) has the details) >> >> And this to /etc/rc.conf.. >> devfs_system_ruleset="root" >> >> Then do.. >> sudo service devfs restart >> >> And unplug/replug the key. >> >> -- >> Daniel O'Connor > > Yes, that works (using /etc/devfs.rules). Thanks. I also got it to work > using /etc/devd.conf > > # Yubico Security Key > attach 100 { > match "vendor" "0x1050"; > match "product" "0x0120"; > device-name "uhid[0-9]+"; > action "/usr/sbin/chown robert /dev/$device-name"; > }; > > running "usbconfig dump_device_desc" to get the vendor and product ids. > I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0. Not sure which is > the more correct way to do this. But they both work. > > So things now work great on the Yubico demo site. Sadly I cannot get it > to work in Google. Google doesn't respond when I press the gold disc > during the registration process. There is a port, security/u2f-devd [0] that sets up devd rules for use with yubico and other devices. That works great for me. Install it and follow the instructions. [0] https://www.freshports.org/security/u2f-devd/ Regards -- Niclas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5a1e0391-86b6-070c-24db-18529f379bc6>