Ubuntu – How to use a Yubikey NEO in 14.04 to log into a Google account through Chrome


How do I make Ubuntu 14.04 recognize a Yubikey NEO for Google account authentication?

I have yubikey NEO and Chrome version 46.0.2490.80.
I have used the key successfully on a laptop running Windows 8.
I'd like to use it on a few Ubuntu machines to log into Google.
According to Yubikey's instructions, I have created the file /etc/udev/rules.d/70-u2f.rules with the following contents:

ACTION!="add|change", GOTO="u2f_end"

# Yubico YubiKey
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess"

# Happlink (formaly Plug-Up) Security KEY
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"

#  Neowave Keydo and Keydo AES
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess"

# HyperSecu HyperFIDO
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", TAG+="uaccess"


If I then go try to log into Google, after entering my password I see a picture of the yubikey and an error message which reads An unexpected error occurred.

I then try to see if the key is identifying itself properly.
I unplug the key, plug it back in, and get the following output from $ dmesg | tail

[ 2410.138684] usb 2-1.3: new full-speed USB device number 19 using ehci-pci
[ 2410.233935] usb 2-1.3: New USB device found, idVendor=1050, idProduct=0211
[ 2410.233942] usb 2-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 2410.233946] usb 2-1.3: Product: Yubico WinUSB Gnubby (gnubby1)
[ 2410.233949] usb 2-1.3: Manufacturer: Yubico

The idVendor agrees with the #Yubico YubiKey line in 70-u2f.rules, but the idVendor of 0211 is not in 70-u2f.rules.
Trying to fix this I amend the rules file so that the line after #Yubico YubiKey reads

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410|0211", TAG+="uaccess"

Note the addition of |0211 in the idProduct line.
I reboot the machine, but the problem persists.

Best Answer

I had your same problem (on ubuntu 16.04), and this worked for me:

Create a new file called /etc/udev/rules.d/50-security-key.rules:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", OWNER="root", GROUP="plugdev", MODE:="0660"

Once that file is saved, run

sudo udevadm control --reload-rules

and then restart Chrome.

The question is old, but hopefully this will save time to someone else. Source: http://www.sowbug.com/post/131363489376/enabling-yubico-u2f-security-key-on-chrome-for

Related Question