@djeraseit
Last active July 28, 2021 02:58
How to enable FIDO U2F on Linux
STEP 1: Insert the security key and run cat /var/log/messages (or run tail -f /var/log/messages and then insert the security key)
Although some recent versions of Linux have built-in support for U2F security keys, many do not, and you may therefore have to make a minor system configuration change in order to allow the requesting web browser (such as Chrome) to communicate directly with your Key-ID U2F token via the USB port.
This is a system-wide configuration update that enables Key-ID U2F functionality on Linux for all users, and is entirely safe. It uses standard Linux udev rules, which let you identify, and thus allow, certain devices based on specific properties such as their USB Vendor ID and Product ID.
The Feitian FIDO U2F token has a Vendor ID (VID) of 096e (hex) and a Product ID (PID) of 0854 (hex). To enable it on Linux, assuming you are running udev version 188 or later, simply create the file /etc/udev/rules.d/70-u2f.rules with the following contents:
# this udev file should be used with udev 188 and newer
ACTION!="add|change", GOTO="u2f_end"
# Feitian FIDO U2F
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0854", TAG+="uaccess"
LABEL="u2f_end"
You will usually need full administrator rights to copy or save a file in this system folder. Once the file is created, reboot your system and everything should spring into life!
This has been successfully tested by us and our customers on Linux Mint and various other distros.
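Added example (not part of the original gist): a shell sketch tying STEP 1 to the rules file, which pulls the Vendor ID and Product ID out of the kernel's USB enumeration message and builds the matching rule. The log lines in SAMPLE_LOG are constructed, and the function names usb_ids_from_log and u2f_rule are hypothetical.

```shell
#!/bin/sh
# Added example: derive the VID/PID from the kernel log and build the udev rule.

# Constructed sample of what the kernel logs when a key is inserted.
SAMPLE_LOG='Jul 28 02:58:01 localhost kernel: usb 1-2: new full-speed USB device number 5 using xhci_hcd
Jul 28 02:58:01 localhost kernel: usb 1-2: New USB device found, idVendor=096e, idProduct=0854, bcdDevice= 1.00
Jul 28 02:58:01 localhost kernel: usb 1-2: Product: FIDO U2F token'

# Print "VID PID" for every USB device enumerated in the log read from stdin.
# This lists all devices, not only security keys: pick the token's line yourself.
# IDs are lowercased because udev compares ATTRS{} values case-sensitively.
usb_ids_from_log() {
    sed -n 's/.*New USB device found, idVendor=\([0-9A-Fa-f]\{4\}\), idProduct=\([0-9A-Fa-f]\{4\}\).*/\1 \2/p' \
        | tr 'A-F' 'a-f' | sort -u
}

# Print a rules file for one device. Each ID must be exactly four lowercase hex
# digits, so text copied from a log cannot smuggle extra udev keys into a file
# that is installed as root.
u2f_rule() {
    vid=$1 pid=$2
    for id in "$vid" "$pid"; do
        case $id in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
            *) echo "invalid USB id: $id" >&2; return 1 ;;
        esac
    done
    printf '%s\n' \
        'ACTION!="add|change", GOTO="u2f_end"' \
        "KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"$vid\", ATTRS{idProduct}==\"$pid\", TAG+=\"uaccess\"" \
        'LABEL="u2f_end"'
}

# Demo on the constructed sample: list candidates, then print the token's rule.
printf '%s\n' "$SAMPLE_LOG" | usb_ids_from_log
u2f_rule 096e 0854
```

On a real system, feed /var/log/messages to usb_ids_from_log and redirect the output of u2f_rule to /etc/udev/rules.d/70-u2f.rules as root.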
@djeraseit
Author

root@localhost# udevadm control --reload-rules && udevadm trigger
