From owner-freebsd-stable@freebsd.org Sat Sep 8 02:28:56 2018 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7824BFE4629 for ; Sat, 8 Sep 2018 02:28:56 +0000 (UTC) (envelope-from robertames@hotmail.com) Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02olkn0804.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe46::804]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EE9C28189A for ; Sat, 8 Sep 2018 02:28:55 +0000 (UTC) (envelope-from robertames@hotmail.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Qj3ScKjyBzxH5xzpogU7MZV9P3xM8nodvvx9N7jQ3HQ=; b=kk5ACyigfHf/s5jrFvDkEG5n17ErC+K1qC9yvkgHMWTE0E1Th4mOOF9LYHG6J4644xLDxF6KzjA037yyp3iNM+UzvYLrQMROAMgzx+QsOFaiijxABVDlGU7XtZWIvi5QLpeKks7Af1B60G2pxPJy3c4VYYciwchEXdicB6XqbJnCNkRaYlHygb0rlR03JGeuCIOf3CzGuA3J49SE9f+ylCX3JYvRFiMrgVOOH4xLQs1EHwWyqm5g4b9RZHwWx70ZAkE2SYpXoUzyUUtUd/AT2FpPdxLf1SWbwnm6GMN2rcvXraqC72oKxYzaQx1J9uHMYk1oCHQXIIPI21pEsdLhcQ== Received: from BL2NAM02FT009.eop-nam02.prod.protection.outlook.com (10.152.76.55) by BL2NAM02HT154.eop-nam02.prod.protection.outlook.com (10.152.77.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.1122.15; Sat, 8 Sep 2018 02:28:54 +0000 Received: from SN6PR08MB5070.namprd08.prod.outlook.com (10.152.76.52) by BL2NAM02FT009.mail.protection.outlook.com (10.152.77.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.1122.15 via Frontend Transport; Sat, 8 Sep 2018 02:28:54 +0000 Received: from SN6PR08MB5070.namprd08.prod.outlook.com ([fe80::9de:d079:285c:e85d]) by SN6PR08MB5070.namprd08.prod.outlook.com ([fe80::9de:d079:285c:e85d%3]) with mapi id 15.20.1122.009; Sat, 8 Sep 2018 02:28:54 +0000 From: Robert Ames To: Niclas Zeising CC: "freebsd-stable@freebsd.org" Subject: RE: Yubico Security Keys Thread-Topic: Yubico Security Keys Thread-Index: AQHURKMNipepzrF9Ck+3hOc4mLpvbaTg4VsAgAAcHyyAAArLAIAA+hTygAEjWACAAoajLw== Date: Sat, 8 Sep 2018 02:28:54 +0000 Message-ID: References: <1AEEDB86-DF6B-433B-A413-452F105D9A53@dons.net.au> <7DA3F074-12CF-43C4-A514-19651112EE42@dons.net.au> , <5a1e0391-86b6-070c-24db-18529f379bc6@daemonic.se> In-Reply-To: <5a1e0391-86b6-070c-24db-18529f379bc6@daemonic.se> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:1D8AA325A38CCD833FC883B51421908C826CE80BE1ABD856EBF0867C5E589517; UpperCasedChecksum:CA751E0D5EB72940C06B98F517A7DBF18654C75857088604A5EFF0675F8E87E4; SizeAsReceived:7425; Count:47 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [QXOnAtMWqDJWvNUiVkIE+8gOSK/fOMM+] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BL2NAM02HT154; 6:8SsY8YzYRR6EcoSicPGSxkSC1K7qOX4nDOpVBuEpcPX2NoTjbfzShtCkV6VRmnh9Ah8aq4pksG7Ye3D1ARv/HfCQKjZY+5KtCchdUh5s+7h9sGASRuY50XBKjKa3WX0Lh97bkvMxFYs0IinF4ieX/uqzpkzFrVWlASYlirxUtquowXD4BJOcqcohKZmXtm4smn/gw18rwKGKVZw7WrxhnfrnaDM57hWyU8epNdlx5sOsbFJAnsYs/R3QIh03+ZBXTt8RWBlANY5Q7V8PA6uFqTFIZDxPLQmYi0IQvrHUw9uuhccVTRBhBRGxKSD5I9NRPMEdkZsCoyZiegPxPeIc5ErsnXXX5fbgq/4HpNNRRiuMJiJap2c7a3YLwdy3/1xDaRbGl1TIJW2a1gNhUYlRGTawNGuWZdSFtKYka+OvgV/orVATedZzE2q7sEItpRbIyrg5n44WciUcKfjYKJpxsA==; 5:qccinDdZ+k9v4w97FoHWdotip+8UVK0g5NpAt3owwTb59Qxkwdo52VDXhvrmOJmdET2ESEcWZS4170gC7hidsSKezV1seU7WHcvqvFJoL1/REBucodOE1K5KX8n6GNf96V815kkGEz3QkxK/o63lm6DrRE2IZcF9joCpMR4ueI0=; 7:cXjblNMHsZS33wYadmcbK9LCvX7K2wsF+/kSYuIuSW5tluI4L4Pt50seAaRs1OE7EvI0K5ikrJZlM+8w1e/r1xzLxp3ra7H/3EKxl4/vEZStseBfMBfwVOagZs98fJKu6V/bDfadUNsVzLrVtknu7kvrRL3GY/HXtyWEnVr7SCAtGlE2eoZWh2YwzxHL1gQ8Rm26xBkNvBZ8cWDZLXxlkJxDN1t91Zuy9Iabp6VxVyk3HOdrLIcwa5WZD38+CI1j x-incomingheadercount: 47 x-eopattributedmessage: 0 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1603101475)(1601125500)(1701031045); SRVR:BL2NAM02HT154; x-ms-traffictypediagnostic: BL2NAM02HT154: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(4566010)(82015058); SRVR:BL2NAM02HT154; BCL:0; PCL:0; RULEID:; SRVR:BL2NAM02HT154; x-forefront-prvs: 07891BF289 x-forefront-antispam-report: SFV:NSPM; SFS:(7070007)(54164003)(199004)(189003)(229853002)(104016004)(6306002)(99286004)(8676002)(87572001)(97736004)(14454004)(5250100002)(9686003)(33656002)(2900100001)(105586002)(7696005)(305945005)(11346002)(476003)(256004)(14444005)(5024004)(486006)(55016002)(3480700004)(8936002)(56003)(7116003)(25786009)(81156014)(83332001)(446003)(4326008)(26005)(68736007)(966005)(86362001)(6346003)(5660300001)(73972006)(15650500001)(76176011)(82202002)(6506007)(106356001)(93886005)(6436002)(20460500001)(6246003)(74316002)(102836004)(15852004); DIR:OUT; SFP:1901; SCL:1; SRVR:BL2NAM02HT154; H:SN6PR08MB5070.namprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: hotmail.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=robertames@hotmail.com; x-microsoft-antispam-message-info: uZPWstQJbu7/JsDhW+raY/lgKkzI+t+s1D8xwzKjoX4YLcgoyJG04DyDCIFocb4KCx5U0n+1OPwujfWst+OhjD7YC5QgAB2wty5lkJw5BATYnvAsE/Fm2hcpyJY8oOmMj8vPZmKBeuoDA/VUmHK4gjSuEflzSxiE7XUKCHkN4E6LhNBv4uIEvWwMlscXTtB/sJnVIRcX7Et15hll6hWxK29DemKf9w/m/UWBo/gB7LM= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: b6587b75-6f1a-4db7-b0b6-5cad10ef59a7 X-MS-Exchange-CrossTenant-Network-Message-Id: eb1a439a-ab3f-4b6e-4cb6-08d61532d2b3 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: b6587b75-6f1a-4db7-b0b6-5cad10ef59a7 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Sep 2018 02:28:54.6257 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT154 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Sep 2018 02:28:56 -0000 On Thu, Sep 06, 2018 at 01:48:10PM +0200, Niclas Zeising wrote: > > Yes, that works (using /etc/devfs.rules). Thanks. I also got it to wo= rk > > using /etc/devd.conf > > > > # Yubico Security Key > > attach 100 { > > match "vendor" "0x1050"; > > match "product" "0x0120"; > > device-name "uhid[0-9]+"; > > action "/usr/sbin/chown robert /dev/$device-name"; > > }; > > > > running "usbconfig dump_device_desc" to get the vendor and product ids. > > I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0. Not sure which = is > > the more correct way to do this. But they both work. > > > > So things now work great on the Yubico demo site. Sadly I cannot get i= t > > to work in Google. Google doesn't respond when I press the gold disc > > during the registration process. > > > There is a port, security/u2f-devd [0] that sets up devd rules for use > with yubico and other devices. That works great for me. Install it and > follow the instructions. > > [0] https://www.freshports.org/security/u2f-devd/ Just to close this out, the Yubikey DOES work with Google using Firefox. The only catch is you can't register a key with Google using Firefox. You have to use Chromium. Once you register your key using Chromium you can use Firefox to login. See explanation here: https://www.ctrl.blog/entry/firefox-u2f-google For the record, what works for me is 11.2-RELEASE, Firefox 60.0.1 =20 from ports/packages along with u2f-devd from ports/packages to =20 handle the setup of devd. And Chromium from ports/packages for the registration step. Thanks to all who sent me pointers.