FreeBSD with GMail and Yubikey

Ernesto67

New Member

Reaction score: 3
Messages: 14

Hello,

I hope this is the correct forum to post this.
Currently I am trying to get a Yubikey to work with GMail.
I installed the package u2f-devd-1.0.0-2 and followed the instructions it provided:
service devd restart
pw group mod u2f -m <myuser>
I also switched the security.webauth.u2f config in Firefox to "true".

I can see that the key is identified by the system (via dmesg), but when GMail asks for they key and I plug it in, then touch the key field on the key, nothing happens.

Cheers
Ernesto
 

alexseitsinger

Member

Reaction score: 18
Messages: 92

I may be wrong about this, but usually you have to mount extra drives before they can be used. If that's the case here, then try: mount /dev/<U2F_Drive> /mnt or mount -t msdosfs /dev/<U2F_Drive> /mnt. You might also have to specify the location of the drive in Yubikey or Firefox somewhere.
 
OP
OP
E

Ernesto67

New Member

Reaction score: 3
Messages: 14

I tried that and get the following message:
# mount /dev/uhid2 /mnt
mount: /dev/uhid2: Block device required
 

ralphbsz

Daemon

Reaction score: 929
Messages: 1,490

The Yubikey is not a block device, does not emulate a disk, and can not be mounted. Its USB interface is either a HID (meaning in practice a keyboard), or a smart-card. The software to use it normally uses it as if it were just another keyboard.
 
OP
OP
E

Ernesto67

New Member

Reaction score: 3
Messages: 14

I just booted the PC with the Yubikey plugged in during the boot process and now it worked. Before I had only plugged it in after the request from the website showed up.

Thanks everyone, problem solved :)
 

Wozzeck.Live

Member

Reaction score: 86
Messages: 64

I just booted the PC with the Yubikey plugged in during the boot process and now it worked. Before I had only plugged it in after the request from the website showed up.

Thanks everyone, problem solved :)

If it works when Yubikey is connected on boot, and still not works if Yubikey is connected after the boot, there is probably a DEVFS issue

/etc/devfs.conf defines hardware authorization for devices connected on boot
/etc/devfs.rules defines hardware authorization for devices connected AFTER boot

We usually define in rc.conf the following variable
Code:
devfs_system_ruleset="system"
In devfs.rules you should find or set a profile named "system" (or any other according to the variable set in rc.conf).
In this profile, you should set authorization access to the usb devices
 
Top