This tutorial explains how to configure a YubiKey* for U2F authentication through a web browser on a Clear Linux* OS system.
YubiKey is a USB security token manufactured by Yubico. Depending on the model, a YubiKey can support different authentication protocols including One-Time Password (OTP), Smart card, FIDO2, and Universal 2nd Factor (U2F).
A list of websites that accept U2F authentication with the YubiKey is available on the Yubico website. See the Yubico website to learn more about the Yubikey: https://www.yubico.com/getstarted/meet-the-yubikey/
This tutorial assumes you have:
- Clear Linux OS installed and running.
- Mozilla Firefox installed on Clear Linux OS.
- A YubiKey.
udev is the Linux device manager that handles events when USB devices are added and removed. Custom rules needs to be created to properly identify the YubiKey and provide applications access.
These instructions are derived from: Yubico support article Using Your U2F YubiKey with Linux
Create the udev rules folder under
sudo mkdir -p /etc/udev/rules.d/
Download the u2f rules from the Yubico GitHub:
curl -O https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-u2f.rules
Move the downloaded
70-u2f.rulesfile into the
sudo mv 70-u2f.rules /etc/udev/rules.d/
The udev rules should automatically be reloaded. However, they can be manually reloaded or you can reboot the system.
sudo udevadm control --reload-rules && sudo udevadm trigger
Plugin and validate the YubiKey appears as a USB device.
Firefox comes with U2F web authentication support disabled by default. U2F needs to be enabled in the advanced settings.
These instructions are derived from: Yubico support article Enabling U2F support in Mozilla Firefox
Launch Mozilla Firefox
In the URL bar, type about:config to access the advanced settings.
Click the I accept the risk! button to continue to the advanced settings
Search for the security.webauth.u2f and double-click it so Value becomes true.
Your YubiKey is now usable on Clear Linux OS with Mozilla Firefox with websites that support U2F authentication.