Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Security Key not recognized

  1. #1
    Join Date
    Jan 2015
    Beans
    22

    Security Key not recognized

    I am trying to get ubuntu to use a security key. I would like to use it to authenticate to some of my online accounts. I do not want my system to require a security key to login however. It seems like I could end up with a locked system and I certainly want to avoid that.
    My security key is Thetis or Excel Security FIDO2. Although it is not a genuine Yubikey, I thought I would try to use Yubikeys Manager for testing purposes. Here is what I have done.

    Code:
    sudo apt install pcscd
    INstall went fine. I won't include all of the output here.
    Code:
    sudo apt-add-repository ppa:yubico/stable
    
    Then
    Code:
    sudo apt install yubikey-manager
    
    
    
    Then


    Code:
    adam@OptiPlex-5050:/etc/udev/rules.d$ systemctl status pcscd 
     pcscd.service - PC/SC Smart Card Daemon 
         Loaded: loaded (/lib/systemd/system/pcscd.service; indirect; vendor preset: enabled) 
         Active: active (running) since Thu 2024-05-02 13:26:47 CDT; 5s ago 
    TriggeredBy:  pcscd.socket 
           Docs: man:pcscd(8) 
       Main PID: 20788 (pcscd) 
          Tasks: 3 (limit: 18864) 
         Memory: 672.0K 
            CPU: 7ms 
         CGroup: /system.slice/pcscd.service 
                 └─20788 /usr/sbin/pcscd --foreground --auto-exit 
    
    May 02 13:26:47 OptiPlex-5050 systemd[1]: Started PC/SC Smart Card Daemon.
    
    
    And finally
    Code:
    adam@OptiPlex-5050:/etc/udev/rules.d$ ykman info 
    ERROR: No YubiKey detected!
    
    
    However, the device appears with lsusb as ExcelSecu FIDO2 Security Key
    Code:
    adam@OptiPlex-5050:/etc/udev/rules.d$ lsusb 
    Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub 
    Bus 001 Device 003: ID 413c:2003 Dell Computer Corp. Keyboard SK-8115 
    Bus 001 Device 002: ID 046d:c018 Logitech, Inc. Optical Wheel Mouse 
    Bus 001 Device 004: ID 1ea8:fc25 ExcelSecu FIDO2 Security Key 
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    
    
    What do I do next? Keep in mind that I do not want to use the security key to log in to my system.

  2. #2
    Join Date
    Mar 2011
    Location
    U.K.
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Security Key not recognized

    I can't help with any knowledge of Yubi (althugh I recognise that it is more widely used). I opted for Google Titan Key which I use as a 2FA option in accessing some services.

    https://cloud.google.com/blog/produc...e-google-store

    You might compare notes with this overview.

    https://support.google.com/accounts/answer/6103523
    Last edited by dragonfly41; May 2nd, 2024 at 09:23 PM.

  3. #3
    Join Date
    Jan 2015
    Beans
    22

    Re: Security Key not recognized

    I found another guide for the yubikey manager here.
    https://opensourceisfun.substack.com...ng-the-yubikey
    One of the instructions is
    Code:
                             sudo apt install opensc-pkcs11 libpam-pkcs11 pcscd
    I have already installed pcscd above. Can I install opensc-pkcs11 and libpam-pkcs11 without causing any major problems, such as rending myselfe

  4. #4
    Join Date
    Mar 2011
    Location
    U.K.
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Security Key not recognized

    You can always uninstall/remove later. Perhaps use Synaptic Package Manager GUI.
    Code:
    sudo synaptic
    to launch (if Synaptic is installed).
    Search in Synaptic GUI "pcscd" for example.

    "Middleware to access a smart card using PC/SC (daemon side)"

    "The purpose of PC/SC Lite is to provide a Windows(R) SCard interface
    in a very small form factor for communicating to smart cards and
    smart cards readers."

    But in Synaptic I see the other libraries to install. They seem safe to install.

    "OpenSC provides a set of libraries and utilities to access smart
    cards. It mainly focuses on cards that support cryptographic
    operations. It facilitates their use in security applications such as
    mail encryption, authentication, and digital signature. OpenSC
    implements the PKCS#11 API. Applications supporting this API, such as
    Iceweasel and Icedove, can use it. OpenSC implements the PKCS#15
    standard and aims to be compatible with all software that does so as
    well."
    Last edited by dragonfly41; May 3rd, 2024 at 06:50 PM.

  5. #5
    Join Date
    Jan 2015
    Beans
    22

    Re: Security Key not recognized

    Dragonfly, Thank you for the response.

    So it sounds like you are saying yes, I can install these packages without causing any serious problems. My concern is that I install some of these smart card packages and then I won't be able to log into my system. From what I have read about smart cards, that is what they are for.

    Is synaptic a gnome application? I am using kde (kubuntu). It has the Muon Package Manager. I haven't used it before. I tried it just now and I searched for pcscd like you did. It seems to be similar.

    I think I will go ahead and install opens-pkcs11 and libpam-pkcs11. If my thetis security key still doesn't work, maybe I will go and purchase a genuine yubikey.

  6. #6
    Join Date
    Mar 2011
    Location
    U.K.
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Security Key not recognized

    Run ..
    man synaptic

    for reassurance.

  7. #7
    Join Date
    Mar 2011
    Location
    U.K.
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Security Key not recognized


  8. #8
    currentshaft Guest

    Re: Security Key not recognized

    ac
    Last edited by currentshaft; September 3rd, 2024 at 04:22 AM.

  9. #9
    Join Date
    Jan 2015
    Beans
    22

    Re: Security Key not recognized

    Currentshaft. Yes I have tried registering a security key. Firefox displays a message to touch my security key to continue, but it doesn't work. I don't think firefox is recognizing the key.

    So far, I have been reluctant to remove snap and install the deb. I don't understand the process very well and I don't want to break anything.

    I found another, more up to date post about installing the firefox deb and remove snap here. https://support.mozilla.org/en-US/questions/1412073 https://support.mozilla.org/en-US/questions/1412073 or search for the title Firefox using FIDO2 security keys. I includes another FIDO2 test site https://www.token2.com/tools/fido2-test/ which should be useful. It seems to say that the issue has been resolved. There is a further recommendation to disable apparmor. So I tried it.

    Code:
    OptiPlex-5050:/etc/udev/rules.d$ systemctl stop apparmor 
    OptiPlex-5050:/etc/udev/rules.d$ systemctl status apparmor 
    ○ apparmor.service - Load AppArmor profiles 
         Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled) 
         Active: inactive (dead) since Mon 2024-05-13 08:19:38 CDT; 11s ago 
           Docs: man:apparmor(7) 
                 https://gitlab.com/apparmor/apparmor/wikis/home/ 
        Process: 484 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, status=0/SUCCESS) 
        Process: 10233 ExecStop=/bin/true (code=exited, status=0/SUCCESS) 
       Main PID: 484 (code=exited, status=0/SUCCESS) 
            CPU: 1ms 
    
    May 13 06:06:59 OptiPlex-5050 systemd[1]: Starting Load AppArmor profiles... 
    May 13 06:06:59 OptiPlex-5050 apparmor.systemd[484]: Restarting AppArmor 
    May 13 06:06:59 OptiPlex-5050 apparmor.systemd[484]: Reloading AppArmor profiles 
    May 13 06:06:59 OptiPlex-5050 apparmor.systemd[523]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rs>
    May 13 06:06:59 OptiPlex-5050 systemd[1]: Finished Load AppArmor profiles. 
    May 13 08:19:38 OptiPlex-5050 systemd[1]: Stopping Load AppArmor profiles... 
    May 13 08:19:38 OptiPlex-5050 systemd[1]: apparmor.service: Deactivated successfully. 
    May 13 08:19:38 OptiPlex-5050 systemd[1]: Stopped Load AppArmor profiles.
    
    
    But that didn't work either.

    Within the reddit post from dragonfly there is a link to get FIDO2 to work with snap. https://askubuntu.com/questions/1406...-security-keys It says the the manufacturer and product code need to be added to /etc/udev/rules.d/70-snap.firefox.rules

    I checked on my system and it is in there already.

    Code:
    # Thetis U2F BT Fido2 Key 
    SUBSYSTEM=="hidraw", KERNEL=="hidraw*", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="fc25", TAG+="snap_firefox_
    geckodriver"
    So I haven't installed the debs yet. It seems like it has been addressed withing snap and I'm just not willing to do install the debs right now. Are there any other less invasive things that I can try?

  10. #10
    currentshaft Guest

    Re: Security Key not recognized

    3 2 1
    Last edited by currentshaft; September 3rd, 2024 at 04:23 AM.

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •