5

I have a Yubikey NEO, and I'm trying to get it to work on Debian.

When I plug it in, I get udev events, but no /dev/hidraw? device.

Here's what I know so far:

cat /boot/config-$(uname -r) | grep CONFIG_HIDRAW gives:

CONFIG_HIDRAW=y 

lsusb -v -d 1050:0211 gives:

Bus 002 Device 013: ID 1050:0211 Yubico.com
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x1050 Yubico.com
  idProduct          0x0211
  bcdDevice            0.20
  iManufacturer           1 Yubico
  iProduct                2 Yubico WinUSB Gnubby (gnubby1)
  iSerial                 0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           32
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0x80
      (Bus Powered)
    MaxPower               30mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      0
      bInterfaceProtocol      0
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x01  EP 1 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
Device Status:     0x0000
  (Bus Powered)

If I run udevadm monitor as I plug and then unplug the Yubikey, I get:

monitor will print the received events for:
UDEV - the event which udev sends out after rule processing
KERNEL - the kernel uevent

KERNEL[7941.975349] add /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2 (usb)
KERNEL[7941.975583] add /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.0 (usb)
UDEV [7941.985350] add /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2 (usb)
UDEV [7942.998352] add /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.0 (usb)
KERNEL[7945.487692] remove /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.0 (usb)
KERNEL[7945.487791] remove /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2 (usb)
UDEV [7945.488139] remove /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.0 (usb)
UDEV [7945.488620] remove /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2 (usb)

I have added udev rules, as recommended here and cat /etc/udev/rules.d/70-u2f.rules gives:

ACTION!="add|change", GOTO="u2f_end"
#KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", TAG+="uaccess"
ATTRS{idVendor}=="1050", GROUP="plugdev", MODE="0660"
LABEL="u2f_end"

(This didn't work when the commented line was uncommented either.)

I've tried installing libhidapi-hidraw0, but that hasn't seemed to work either.

I've also tried installing and running the Yubikey NEO manager, but both it and the Yubikey personalization tool don't think any Yubikey device is plugged in, which is why I think the blocker is the lack of a /dev/hidraw0 device (or something at a similar level).

I've reached the limits of both my knowledge of Linux and my ability to Google for solutions, so both further debugging suggestions and (if you know it) solutions would be helpful.

5
  • 1
    lsusb doesn't show any HID interface. And the product id doesn't correspond to any of those I could find for Yubico keys, which would explain why the software doesn't find it. Commented Mar 1, 2015 at 1:22
  • Good catch! I got this through work, so it may be development hardware or something? I'll have to check with our IT department. Commented Mar 1, 2015 at 11:25
  • Possible. This is a random guess, but the key could be in a firmware installation/upgrade mode. I have a mouse that shows the same kind of interface when upgrading the firmware. From the docs on Yubico's website, the keys are configured with HID feature reports only, and the firmware isn't supposed to be modifiable. Commented Mar 1, 2015 at 13:25
  • Did you ever figure this out? I'm having the same problem with a 0211 device I got from work. Commented Nov 15, 2015 at 2:10
  • I didn't, sadly. Commented Nov 16, 2015 at 6:53
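The check from the first comment (no HID interface in the lsusb output), as an added example that is not part of the original thread. The kernel's usbhid driver binds only to USB interfaces with bInterfaceClass 3, so a device exposing only class 255 never gets a /dev/hidraw* node, whatever the udev rules say. The function names are hypothetical and the sample input is constructed from the lsusb output in the question.

```shell
#!/bin/sh
# Added example: decide from `lsusb -v` text whether a USB device can get a
# hidraw node. usbhid matches interfaces with bInterfaceClass 3 (HID) only.

# Constructed sample: the relevant lines of the lsusb -v output in the question.
sample_lsusb() {
cat <<'EOF'
Bus 002 Device 013: ID 1050:0211 Yubico.com
Device Descriptor:
  idVendor           0x1050 Yubico.com
  idProduct          0x0211
    Interface Descriptor:
      bInterfaceNumber        0
      bInterfaceClass       255 Vendor Specific Class
EOF
}

# Read lsusb -v text on stdin; print "<vid>:<pid> if<N> class=<C>" per interface.
list_interfaces() {
    awk '
        $1 == "idVendor"         { vid = substr($2, 3) }   # strip leading 0x
        $1 == "idProduct"        { pid = substr($2, 3) }
        $1 == "bInterfaceNumber" { ifnum = $2 }
        $1 == "bInterfaceClass"  { printf "%s:%s if%s class=%s\n", vid, pid, ifnum, $2 }
    '
}

# Exit status 0 if any interface on stdin is HID (class 3), 1 otherwise.
has_hid_interface() {
    list_interfaces | grep -q ' class=3$'
}

# Read lsusb -v text on stdin and print a one-line verdict.
diagnose() {
    if has_hid_interface; then
        echo "HID interface present: check usbhid binding and hidraw permissions"
    else
        echo "no HID interface: usbhid will not bind, so no /dev/hidraw* node"
    fi
}

# Stand-alone run on the constructed sample.
sample_lsusb | list_interfaces
sample_lsusb | diagnose
```

On a live system, pipe the real descriptor dump through the same function, for example `lsusb -v -d 1050:0211 | diagnose`.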

2 Answers

1

You must be careful where you get your Yubikeys from, as some 2nd hand ones come from Google's test team. These will not work with the current version of NEO manager or the Personalization tool.

0x02xx devices are test devices.

If you kindly ask Yubikey support for help, and give the device ID and how you came to acquire said device (probably eBay), from personal experience they will be willing to RMA your device for free and send you a new one on their dime. Your results may vary.

Good luck!

1

It seems to me like the file /etc/udev/rules.d/70-u2f.rules is out of date, or at least gets overridden by a file in /lib/udev/rules.d/. If you have installed the yubikey-personalization package, there should be a file /lib/udev/rules.d/69-yubikey.rules. Open up the file, and add your test device ID (0x0210) to the list of known idVendors. You should end up with something that looks like this. This is from Ubuntu Wily Werewolf; other OS versions may be slightly different. The key is to add 0211 to the list of product IDs:

ACTION!="add|change", GOTO="yubico_end"
# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.
# Yubico Yubikey II
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0211|0401|0403|0405|0407|0410", \
    ENV{ID_SECURITY_TOKEN}="1"
LABEL="yubico_end"

You then need to reload the udev rules with sudo udevadm control --reload-rules, then remove and reinsert your key. This was enough to get it to work for me.
