10

How do I make Ubuntu 14.04 recognize a Yubikey NEO for Google account authentication?

I have yubikey NEO and Chrome version 46.0.2490.80. I have used the key successfully on a laptop running Windows 8. I'd like to use it on a few Ubuntu machines to log into Google. According to Yubikey's instructions, I have created the file /etc/udev/rules.d/70-u2f.rules with the following contents:

ACTION!="add|change", GOTO="u2f_end"

# Yubico YubiKey
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess"

# Happlink (formaly Plug-Up) Security KEY
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"

#  Neowave Keydo and Keydo AES
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess"

# HyperSecu HyperFIDO
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", TAG+="uaccess"

LABEL="u2f_end"

If I then go try to log into Google, after entering my password I see a picture of the yubikey and an error message which reads An unexpected error occurred.

I then try to see if the key is identifying itself properly. I unplug the key, plug it back in, and get the following output from $ dmesg | tail

[ 2410.138684] usb 2-1.3: new full-speed USB device number 19 using ehci-pci
[ 2410.233935] usb 2-1.3: New USB device found, idVendor=1050, idProduct=0211
[ 2410.233942] usb 2-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 2410.233946] usb 2-1.3: Product: Yubico WinUSB Gnubby (gnubby1)
[ 2410.233949] usb 2-1.3: Manufacturer: Yubico

The idVendor agrees with the #Yubico YubiKey line in 70-u2f.rules, but the idVendor of 0211 is not in 70-u2f.rules. Trying to fix this I amend the rules file so that the line after #Yubico YubiKey reads

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410|0211", TAG+="uaccess"

Note the addition of |0211 in the idProduct line. I reboot the machine, but the problem persists.

DanielSank
  • 224
  • 1
    Adding the udev rule mentioned (see also here fixed the An unexpected error occurred problem for me. Have you followed the instructions on https://www.yubico.com/faq/enable-u2f-linux/, including enabling U2F+HID mode using the neoman program from the yubikey-neo-manager package? In neoman, I have all 3 boxes ticked (OTP+CCID+U2F). For my Yubikey Neo though, the dmesg entry is differnt: New USB device found, idVendor=1050, idProduct=0116, Product: Yubikey NEO OTP+U2F+CCID, not Yubico WinUSB Gnubby. – nh2 Mar 19 '16 at 20:47

2 Answers2

4

I had your same problem (on ubuntu 16.04), and this worked for me:

Create a new file called /etc/udev/rules.d/50-security-key.rules:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", OWNER="root", GROUP="plugdev", MODE:="0660"

Once that file is saved, run

sudo udevadm control --reload-rules

and then restart Chrome.

The question is old, but hopefully this will save time to someone else. Source: http://www.sowbug.com/post/131363489376/enabling-yubico-u2f-security-key-on-chrome-for

panmari
  • 641
antosecret
  • 140
  • 4
  • 1
    This answer helped me discover that, for me, the user that was running Chromium was not part of the plugdev group. After adding the user to the group, the blue Yubi key worked. – Pistos Oct 11 '16 at 20:13
1

I'm using 15.04 above setting up https://www.yubico.com/faq/enable-u2f-linux/

cd /etc/udev/rules.d/
sudo wget https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-u2f.rules

reboot

Then register the key as per normal instructions.

Amos Folarin
  • 1,244