How to Use Yubikey on Linux

Initial Setup:

  1. Download the YubiKey Manager. This will allow you to modify specific properties of your key, and turn certain features on or off.
  2. Once you’ve installed the manager, you’ll need to make sure that you have U2F mode enabled on your key.
  3. Next, download or create a copy of a special rules file provided by Yubico. It can be found on their Github repository: https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules. Once you have the file, copy it to /etc/udev/rules.d/. If you already have a file in that directory named 70-u2f.rules, make sure that the content looks like the file from the Github repo.
  4. NOTE: If your version of UDEV is lower than 188, you’ll need the old rules file instead. If you’re unsure of your UDEV version, simply run sudo udevadm --version in a terminal.
  5. Save your file, then reboot your system.
  6. Make sure you’re running Google Chrome version 38 or later. You can use your YubiKey in U2F+HID mode starting in Google Chrome version 39.

Additional Tools:

Yubico provides a proprietary 2FA authentication tool that enables use of the key with services such as Protonmail. It can be downloaded from their site.

Another tip:

If you’re having trouble getting your YubiKey to show up on Linux (I’m running Manjaro), you’ll want to make sure you’re running a service called pcscd. To run it, just open a terminal and run sudo systemctl start pcscd. Keep in mind, that will only start the daemon running. If you reboot your computer and stick your YubiKey in later, it won’t be recognized unless you start the pcscd daemon on boot. You can do this by running sudo systemctl enable pcscd. This will create a symlink to the pcscd.socket file, and it should start the daemon on boot. Once you’ve done that, you’re good to go!


0 Comments

Questions? Feedback? Let me know! Drop a comment below: