Date: Thu, 6 Sep 2018 13:48:10 +0200 From: Niclas Zeising <zeising+freebsd@daemonic.se> To: Robert Ames <robertames@hotmail.com>, "O'Connor, Daniel" <darius@dons.net.au> Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: Re: Yubico Security Keys Message-ID: <5a1e0391-86b6-070c-24db-18529f379bc6@daemonic.se> In-Reply-To: <SN6PR08MB5070E1CE5B15417592DD0895C9020@SN6PR08MB5070.namprd08.prod.outlook.com> References: <SN6PR08MB50700E8EAFDEDA7646671E6EC9030@SN6PR08MB5070.namprd08.prod.outlook.com> <1AEEDB86-DF6B-433B-A413-452F105D9A53@dons.net.au> <SN6PR08MB5070379187FA4800E9B1537EC9020@SN6PR08MB5070.namprd08.prod.outlook.com> <7DA3F074-12CF-43C4-A514-19651112EE42@dons.net.au> <SN6PR08MB5070E1CE5B15417592DD0895C9020@SN6PR08MB5070.namprd08.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09/05/18 20:34, Robert Ames wrote:
> On Wed, Sep 05, 2018 at 01:00:20PM +0930, O'Connor, Daniel wrote:
>>> On 5 Sep 2018, at 12:43, Robert Ames <robertames@hotmail.com> wrote:
>>>>> On 5 Sep 2018, at 08:33, Robert Ames <robertames@hotmail.com> wrote:
>>>>> FreeBSD sees the device:
>>>>>
>>>>> Sep 4 17:25:13 freebsd kernel: ugen1.4: <Yubico Security Key by Yubico> at usbus1
>>>>> Sep 4 17:25:13 freebsd kernel: uhid0 on uhub4
>>>>> Sep 4 17:25:13 freebsd kernel: uhid0: <Yubico Security Key by Yubico, class 0/0, rev 2.00/5.02, addr 4> on usbus1
>>>>>
>>>>> So should this just work out of the box or is there something I'm
>>>>> missing?
>>>>
>>>> Hi Robert,
>>>> I don't have any Yubikeys but have you tried checking the permissions of /dev/uhid0* and /dev/ugen1.4 (which will be a symlink to usb/1.4.0) ?
>>>> You can chmod them for now and then if that works have a devd conf or devfs rule which sets the permissions appropriately when the device is connected.
>>>>
>>>> If permissions are the problem it would be nice to see if the error message can be improved too :)
>>>>
>>>> --
>>>> Daniel O'Connor
>>>
>>> I had done a manual chmod 777 /dev/usb/1.4.0 but had overlooked /dev/uhid0.
>>> Once I did a chmod 777 on that it worked. Thank you. Any suggestions on the
>>> best way to add a devd conf or devfs rule for this thing?
>>
>> Add this to /etc/devfs.conf..
>> [root=100]
>> add path 'uhid*' group users mode 660
>>
>> (Assuming your user is in the 'users' group - adjust to taste, devfs(8) has the details)
>>
>> And this to /etc/rc.conf..
>> devfs_system_ruleset="root"
>>
>> Then do..
>> sudo service devfs restart
>>
>> And unplug/replug the key.
>>
>> --
>> Daniel O'Connor
>
> Yes, that works (using /etc/devfs.rules). Thanks. I also got it to work
> using /etc/devd.conf
>
> # Yubico Security Key
> attach 100 {
> match "vendor" "0x1050";
> match "product" "0x0120";
> device-name "uhid[0-9]+";
> action "/usr/sbin/chown robert /dev/$device-name";
> };
>
> running "usbconfig dump_device_desc" to get the vendor and product ids.
> I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0. Not sure which is
> the more correct way to do this. But they both work.
>
> So things now work great on the Yubico demo site. Sadly I cannot get it
> to work in Google. Google doesn't respond when I press the gold disc
> during the registration process.
There is a port, security/u2f-devd [0] that sets up devd rules for use
with yubico and other devices. That works great for me. Install it and
follow the instructions.
[0] https://www.freshports.org/security/u2f-devd/
Regards
--
Niclas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5a1e0391-86b6-070c-24db-18529f379bc6>