Ask Your Question

How to use FIDO standard key instead of Yubikey

asked 2016-05-17 04:43:48 -0500

cialu gravatar image

Hi, I'm trying to use a standard FIDO Alliance U2F secure key to do Gnome Login and to use as a second factor authentication. Something like what explained here: Using_Yubikeys_with_Fedora.

I did many attemps with different configurations, but I'm unable to make it working. Also googled a lot and find some workaround but nothing definitive.

Anyone solved this issue?

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted

answered 2017-02-03 08:43:35 -0500

AquaL1te gravatar image

I know this is an old topic, but I'll answer it for you anyway.

  1. Install the following packages: pamu2fcfg pamtester
  2. Setup key bindings with: pamu2fcfg -u ${USERNAME} >> /etc/security/u2f_keys (you can also store it in the user's home directory which is the default, but you may want a central place to manage all identities, which could be anywhere as long as you point to that file in PAM)
  3. Setup PAM for GDM, add the following line to the top of /etc/pam.d/gdm-password:

    auth required cue authfile=/etc/security/u2f_keys

Also note the 'cue' in the PAM line, that will make sure you'll get notified to touch your Yubikey. To test if it works you can use the following command: pamtester -v gdm-password ${USERNAME} authenticate

edit flag offensive delete link more

answered 2017-06-22 10:10:48 -0500

just plugged my key and i'm getting this

pamu2fcfg -u leandro >> ~/sec/u2f_keys

Unable to generate registration challenge, timeout error (-7)

EDIT 10 MINS AFTER FOR THE LAUGHS: i didn't know that when the device's led blinks i need to push the button :-S

edit flag offensive delete link more

answered 2017-06-22 14:42:12 -0500

beduine gravatar image

In my case I also had to add some udev-rules to get a fido-key working. You can find them at Copy the 70-u2f.rules file to /etc/udev/rules.d

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-05-17 04:43:48 -0500

Seen: 480 times

Last updated: Jun 22 '17