SoloKeys on Ubuntu Linux
I finally received the SoloKeys open source FIDO2 U2F security keys I ordered via their KickStarter last year.
They’re little USB devices that you stick into your computer to act as a physical second factor when authenticating to websites (or, potentially, other software). Instead of typing in a code received via SMS or from an authenticator application, you press a button on the device and it cryptographically identifies itself.
That’s the theory, anyway.
Current versions of Firefox and Chrome support U2F via USB, but when I tried pressing the button, nothing happened.
By referring to instructions for a different brand of U2F key, I was able to fix the problem.
First, I needed the USB vendor and product IDs. You can find this by watching
the output of dmesg
when you plug the key in:
> dmesg -w
You’re looking for something like this:
[600865.652954] usb 1-1.2: USB disconnect, device number 36
[600870.137023] usb 1-1.2: new full-speed USB device number 37 using xhci_hcd
[600870.254772] usb 1-1.2: New USB device found, idVendor=0483, idProduct=a2ca, bcdDevice= 1.00
[600870.254780] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[600870.254785] usb 1-1.2: Product: Solo 2.3.0
[600870.254790] usb 1-1.2: Manufacturer: SoloKeys
[600870.254793] usb 1-1.2: SerialNumber: 208532B1304B
[600870.265170] hid-generic 0003:0483:A2CA.001D: hiddev0,hidraw3: USB HID v1.11 Device [SoloKeys Solo 2.3.0] on usb-0000:00:14.0-1.2/input0
In this case, and the case of both Solo and Solo Tap, the magic numbers are
0483
for the vendor ID, and a2ca
for the product ID.
Next, add a udev
configuration file. As in the article above, I put mine in
/etc/udev/rules.d/70-u2f.rules
:
ACTION!="add|change", GOTO="u2f_end"
# SoloKeys
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
LABEL="u2f_end"
Finally, reload the udev
rules:
> sudo udevadm control --reload-rules
You can now use your Solo key as a second factor with Google, Dropbox, Gandi, etc.
If, however, you want to use it with GitHub, you’ll have to do some fiddling, because despite the fact that Firefox supports U2F, GitHub is doing some old-school user agent sniffing to say it doesn’t! You can work around this by spoofing your user agent when adding the keys.