How to use FIDO standard key instead of Yubikey

asked 2016-05-17 09:43:48 +0000

cialu gravatar image

Hi, I'm trying to use a standard FIDO Alliance U2F secure key to do Gnome Login and to use as a second factor authentication. Something like what explained here: Using_Yubikeys_with_Fedora.

I did many attemps with different configurations, but I'm unable to make it working. Also googled a lot and find some workaround but nothing definitive.

Anyone solved this issue?

answered 2017-02-03 14:43:35 +0000

AquaL1te gravatar image

I know this is an old topic, but I'll answer it for you anyway.

  1. Install the following packages: pamu2fcfg pamtester
  2. Setup key bindings with: pamu2fcfg -u ${USERNAME} >> /etc/security/u2f_keys (you can also store it in the user's home directory which is the default, but you may want a central place to manage all identities, which could be anywhere as long as you point to that file in PAM)
  3. Setup PAM for GDM, add the following line to the top of /etc/pam.d/gdm-password:

    auth required pam_u2f.so cue authfile=/etc/security/u2f_keys

Also note the 'cue' in the PAM line, that will make sure you'll get notified to touch your Yubikey. To test if it works you can use the following command: pamtester -v gdm-password ${USERNAME} authenticate

answered 2017-06-22 19:42:12 +0000

beduine gravatar image

In my case I also had to add some udev-rules to get a fido-key working. You can find them at https://github.com/Yubico/libu2f-host... Copy the 70-u2f.rules file to /etc/udev/rules.d

answered 2017-06-22 15:10:48 +0000

just plugged my key and i'm getting this

pamu2fcfg -u leandro >> ~/sec/u2f_keys

Unable to generate registration challenge, timeout error (-7)

EDIT 10 MINS AFTER FOR THE LAUGHS: i didn't know that when the device's led blinks i need to push the button :-S

