Date: Wed, 5 Sep 2018 18:34:42 +0000 From: Robert Ames <robertames@hotmail.com> To: "O'Connor, Daniel" <darius@dons.net.au> Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: RE: Yubico Security Keys Message-ID: <SN6PR08MB5070E1CE5B15417592DD0895C9020@SN6PR08MB5070.namprd08.prod.outlook.com> In-Reply-To: <7DA3F074-12CF-43C4-A514-19651112EE42@dons.net.au> References: <SN6PR08MB50700E8EAFDEDA7646671E6EC9030@SN6PR08MB5070.namprd08.prod.outlook.com> <1AEEDB86-DF6B-433B-A413-452F105D9A53@dons.net.au> <SN6PR08MB5070379187FA4800E9B1537EC9020@SN6PR08MB5070.namprd08.prod.outlook.com>, <7DA3F074-12CF-43C4-A514-19651112EE42@dons.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 05, 2018 at 01:00:20PM +0930, O'Connor, Daniel wrote:
> > On 5 Sep 2018, at 12:43, Robert Ames <robertames@hotmail.com> wrote:
> >>> On 5 Sep 2018, at 08:33, Robert Ames <robertames@hotmail.com> wrote:
> >>> FreeBSD sees the device:
> >>>
> >>> Sep 4 17:25:13 freebsd kernel: ugen1.4: <Yubico Security Key by Yubi=
co> at usbus1
> >>> Sep 4 17:25:13 freebsd kernel: uhid0 on uhub4
> >>> Sep 4 17:25:13 freebsd kernel: uhid0: <Yubico Security Key by Yubico=
, class 0/0, rev 2.00/5.02, addr 4> on usbus1
> >>>
> >>> So should this just work out of the box or is there something I'm
> >>> missing? =20
> >>
> >> Hi Robert,
> >> I don't have any Yubikeys but have you tried checking the permissions =
of /dev/uhid0* and /dev/ugen1.4 (which will be a symlink to usb/1.4.0) ?
> >> You can chmod them for now and then if that works have a devd conf or =
devfs rule which sets the permissions appropriately when the device is conn=
ected.
> >>
> >> If permissions are the problem it would be nice to see if the error me=
ssage can be improved too :)
> >>
> >> --
> >> Daniel O'Connor
> >
> > I had done a manual chmod 777 /dev/usb/1.4.0 but had overlooked /dev/uh=
id0.
> > Once I did a chmod 777 on that it worked. Thank you. Any suggestions =
on the
> > best way to add a devd conf or devfs rule for this thing?
>
> Add this to /etc/devfs.conf..
> [root=3D100]
> add path 'uhid*' group users mode 660
>
> (Assuming your user is in the 'users' group - adjust to taste, devfs(8) h=
as the details)
>
> And this to /etc/rc.conf..
> devfs_system_ruleset=3D"root"
>
> Then do..
> sudo service devfs restart
>
> And unplug/replug the key.
>
> --
> Daniel O'Connor
=20
Yes, that works (using /etc/devfs.rules). Thanks. I also got it to work
using /etc/devd.conf
=20
# Yubico Security Key
attach 100 {
match "vendor" "0x1050";
match "product" "0x0120";
device-name "uhid[0-9]+";
action "/usr/sbin/chown robert /dev/$device-name";
};
=20
running "usbconfig dump_device_desc" to get the vendor and product ids.
I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0. Not sure which is
the more correct way to do this. But they both work.
So things now work great on the Yubico demo site. Sadly I cannot get it
to work in Google. Google doesn't respond when I press the gold disc
during the registration process.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?SN6PR08MB5070E1CE5B15417592DD0895C9020>