3

I've recently obtained a YubiKey 5 NFC, which seems to be working fine when prompted for a u2f token (both on Firefox and Chromium) but in order to use it in OTP mode, I need to run the applications with sudo. It means I can't program it if I don't run the manager application as root, can't use challenge-response mode in KeePassXC if it's not run as root etc.

I've used the udev rules supplied by Yubico: https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules but it brought no effect. I also know it's clearly a permissions problem, since I can program my YubiKey on my friend's machine and he can't do it on mine (we're both on Debian, testing branch).

Does anybody have an idea what could be the cause of this issue? Any idea for a workaround other than fiddling with visudo or system reinstall?

Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227
qwrtln
  • 313
  • 1
  • 2
  • 7

1 Answers1

0

There are separate rules for challenge/response which in this case weren't applied automatically: https://github.com/Yubico/yubikey-personalization/blob/master/70-yubikey.rules

They should land in /etc/udev/rules.d/ and be followed by running sudo udevadm control --reload-rules && sudo udevadm trigger.

qwrtln
  • 313
  • 1
  • 2
  • 7
  • Here is yet another repository with udev rules, which worked for me: https://github.com/Yubico/libfido2/blob/main/udev/70-u2f.rules – Abdull Jan 13 '23 at 18:05