10

How do I make Ubuntu 14.04 recognize a Yubikey NEO for Google account authentication?

I have yubikey NEO and Chrome version 46.0.2490.80. I have used the key successfully on a laptop running Windows 8. I'd like to use it on a few Ubuntu machines to log into Google. According to Yubikey's instructions, I have created the file /etc/udev/rules.d/70-u2f.rules with the following contents:

ACTION!="add|change", GOTO="u2f_end"

# Yubico YubiKey
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess"

# Happlink (formaly Plug-Up) Security KEY
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"

#  Neowave Keydo and Keydo AES
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess"

# HyperSecu HyperFIDO
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", TAG+="uaccess"

LABEL="u2f_end"

If I then go try to log into Google, after entering my password I see a picture of the yubikey and an error message which reads An unexpected error occurred.

I then try to see if the key is identifying itself properly. I unplug the key, plug it back in, and get the following output from $ dmesg | tail

[ 2410.138684] usb 2-1.3: new full-speed USB device number 19 using ehci-pci
[ 2410.233935] usb 2-1.3: New USB device found, idVendor=1050, idProduct=0211
[ 2410.233942] usb 2-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 2410.233946] usb 2-1.3: Product: Yubico WinUSB Gnubby (gnubby1)
[ 2410.233949] usb 2-1.3: Manufacturer: Yubico

The idVendor agrees with the #Yubico YubiKey line in 70-u2f.rules, but the idVendor of 0211 is not in 70-u2f.rules. Trying to fix this I amend the rules file so that the line after #Yubico YubiKey reads

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410|0211", TAG+="uaccess"

Note the addition of |0211 in the idProduct line. I reboot the machine, but the problem persists.

DanielSank
  • 224
  • 2
  • 14
  • 1
    Adding the udev rule mentioned (see also [here](https://www.yubico.com/faq/enable-u2f-linux/) fixed the `An unexpected error occurred` problem for me. Have you followed the instructions on https://www.yubico.com/faq/enable-u2f-linux/, including enabling `U2F+HID` mode using the `neoman` program from the `yubikey-neo-manager` package? In `neoman`, I have all 3 boxes ticked (OTP+CCID+U2F). For my Yubikey Neo though, the `dmesg` entry is differnt: `New USB device found, idVendor=1050, idProduct=0116`, `Product: Yubikey NEO OTP+U2F+CCID`, not `Yubico WinUSB Gnubby`. – nh2 Mar 19 '16 at 20:47

2 Answers2

4

I had your same problem (on ubuntu 16.04), and this worked for me:

Create a new file called /etc/udev/rules.d/50-security-key.rules:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", OWNER="root", GROUP="plugdev", MODE:="0660"

Once that file is saved, run

sudo udevadm control --reload-rules

and then restart Chrome.

The question is old, but hopefully this will save time to someone else. Source: http://www.sowbug.com/post/131363489376/enabling-yubico-u2f-security-key-on-chrome-for

panmari
  • 641
  • 2
  • 7
  • 21
antosecret
  • 140
  • 4
  • 1
    This answer helped me discover that, for me, the user that was running Chromium was not part of the `plugdev` group. After adding the user to the group, the blue Yubi key worked. – Pistos Oct 11 '16 at 20:13
1

I'm using 15.04 above setting up https://www.yubico.com/faq/enable-u2f-linux/

cd /etc/udev/rules.d/
sudo wget https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-u2f.rules

reboot

Then register the key as per normal instructions.

Amos Folarin
  • 1,124
  • 8
  • 10