How to Use Yubikey on Linux
- Download the YubiKey Manager. This will allow you to modify specific properties of your key, and turn certain features on or off.
- Once you’ve installed the manager, you’ll need to make sure that you have U2F mode enabled on your key.
- Next, download or create a copy of a special rules file provided by Yubico. It can be found on their Github repository: https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules. Once you have the file, copy it to
/etc/udev/rules.d/. If you already have a file in that directory named
70-u2f.rules, make sure that the content looks like the file from the Github repo.
- NOTE: If your version of UDEV is lower than 188, you’ll need the old rules file instead. If you’re unsure of your UDEV version, simply run
sudo udevadm --versionin a terminal.
- Save your file, then reboot your system.
- Make sure you’re running Google Chrome version 38 or later. You can use your YubiKey in U2F+HID mode starting in Google Chrome version 39.
Yubico provides a proprietary 2FA authentication tool that enables use of the key with services such as Protonmail. It can be downloaded from their site.
If you’re having trouble getting your YubiKey to show up on Linux (I’m running Manjaro), you’ll want to make sure you’re running a service called
pcscd. To run it, just open a terminal and run
sudo systemctl start pcscd. Keep in mind, that will only start the daemon running. If you reboot your computer and stick your YubiKey in later, it won’t be recognized unless you start the
pcscd daemon on boot. You can do this by running
sudo systemctl enable pcscd. This will create a
symlink to the
pcscd.socket file, and it should start the daemon on boot. Once you’ve done that, you’re good to go!
June 2023 update:
Running a fresh install of Xubuntu on an Acer Chromebook, I was able to use Yubikey at Google sign-in on Firefox with zero Yubikey-specific package installs, no drivers, and largely out-of-the box. It would seem that none of the work described above is required anymore