Ask Your Question

How to use FIDO standard key instead of Yubikey

asked 2016-05-17 09:43:48 +0000

cialu gravatar image

Hi, I'm trying to use a standard FIDO Alliance U2F secure key to do Gnome Login and to use as a second factor authentication. Something like what explained here: Using_Yubikeys_with_Fedora.

I did many attemps with different configurations, but I'm unable to make it working. Also googled a lot and find some workaround but nothing definitive.

Anyone solved this issue?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2017-02-03 14:43:35 +0000

AquaL1te gravatar image

I know this is an old topic, but I'll answer it for you anyway.

  1. Install the following packages: pamu2fcfg pamtester
  2. Setup key bindings with: pamu2fcfg -u ${USERNAME} >> /etc/security/u2f_keys (you can also store it in the user's home directory which is the default, but you may want a central place to manage all identities, which could be anywhere as long as you point to that file in PAM)
  3. Setup PAM for GDM, add the following line to the top of /etc/pam.d/gdm-password:

    auth required pam_u2f.so cue authfile=/etc/security/u2f_keys

Also note the 'cue' in the PAM line, that will make sure you'll get notified to touch your Yubikey. To test if it works you can use the following command: pamtester -v gdm-password ${USERNAME} authenticate

edit flag offensive delete link more

answered 2017-06-22 19:42:12 +0000

beduine gravatar image

In my case I also had to add some udev-rules to get a fido-key working. You can find them at https://github.com/Yubico/libu2f-host... Copy the 70-u2f.rules file to /etc/udev/rules.d

edit flag offensive delete link more

answered 2017-06-22 15:10:48 +0000

just plugged my key and i'm getting this

pamu2fcfg -u leandro >> ~/sec/u2f_keys

Unable to generate registration challenge, timeout error (-7)

EDIT 10 MINS AFTER FOR THE LAUGHS: i didn't know that when the device's led blinks i need to push the button :-S

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Use your votes!

  • Use the 30 daily voting points that you get!
  • Up-vote well framed questions that provide enough information to enable people provide answers.
  • Thank your helpers by up-voting their comments and answers. If a question you asked has been answered, accept the best answer by clicking on the checkbox on the left side of the answer.
  • Down-voting might cost you karma, but you should consider doing so for incorrect or clearly detrimental questions and answers.

Question Tools

1 follower


Asked: 2016-05-17 09:43:48 +0000

Seen: 283 times

Last updated: Jun 22