YubiKey* Support

This tutorial explains how to configure a YubiKey* for U2F authentication through a web browser on a Clear Linux* OS system.

Description

YubiKey is a USB security token manufactured by Yubico. Depending on the model, a YubiKey can support different authentication protocols including One-Time Password (OTP), Smart card, FIDO2, and Universal 2nd Factor (U2F).

A list of websites that accept U2F authentication with the YubiKey is available on the Yubico website. See the Yubico website to learn more about the Yubikey: https://www.yubico.com/getstarted/meet-the-yubikey/

Prerequisites

This tutorial assumes you have:

  1. Clear Linux OS installed and running.
  2. Mozilla Firefox installed on Clear Linux OS.
  3. A YubiKey.

Enable Linux udev rules for YubiKey

udev is the Linux device manager that handles events when USB devices are added and removed. Custom rules needs to be created to properly identify the YubiKey and provide applications access.

These instructions are derived from: Yubico support article Using Your U2F YubiKey with Linux

  1. Create the udev rules folder under /etc.

    sudo mkdir -p /etc/udev/rules.d/
    
  2. Download the u2f rules from the Yubico GitHub:

    curl -O https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-u2f.rules
    
  3. Move the downloaded 70-u2f.rules file into the /etc/udev folder.

    sudo mv 70-u2f.rules /etc/udev/rules.d/
    
  4. The udev rules should automatically be reloaded. However, they can be manually reloaded or you can reboot the system.

    sudo udevadm control --reload-rules && sudo udevadm trigger
    
  5. Plugin and validate the YubiKey appears as a USB device.

    lsusb
    

Enable U2F in Mozilla Firefox

Firefox comes with U2F web authentication support disabled by default. U2F needs to be enabled in the advanced settings.

These instructions are derived from: Yubico support article Enabling U2F support in Mozilla Firefox

  1. Launch Mozilla Firefox

  2. In the URL bar, type about:config to access the advanced settings.

    about:config
    
  3. Click the I accept the risk! button to continue to the advanced settings

  4. Search for the security.webauth.u2f and double-click it so Value becomes true.

Your YubiKey is now usable on Clear Linux OS with Mozilla Firefox with websites that support U2F authentication.