The other bug with FreeBSD I've found is that it really isn't a big fan of my YubiKey.

Symptoms:
* It is detected at boot, but not if I disconnect & reconnect the device
* KeepassXC can see it when I'm authenticating with my password file if it was plugged in at boot
* Yubico Authenticator & YubiKey Manager cannot see it at all

Judging from forum posts I've read, it seems like this is a known issue. I am running the extra pcsc service, so goodness knows which dependency I'm missing. #BSD #UNIX

@TrechNex hum, weird, this is what I do in case it is different from what you do:

@TrechNex
```sh
# We need to set up the yubikey (repos, ...)
pkg install -y pcsc-lite opensc ykclient
# gnupg
pkg install -y gnupg pinentry-curses
# gpg config
mkdir "${HOME}/.gnupg" || true
chmod 700 "${HOME}/.gnupg"
if [ ! -f "${HOME}/.gnupg/gpg-agent.conf" ]; then
cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
enable-ssh-support
default-cache-ttl 60
max-cache-ttl 120
pinentry-program $(which pinentry-curses)
EOF
fi
chmod 600 "${HOME}/.gnupg/gpg-agent.conf"
```


@TrechNex and then add my user to the u2f group.

What did you try and how is it not working?

@evilham I think it's fair to say that I did not do most of those steps. 😅

I installed the packages you mentioned, and gleaned from a couple of forum posts that I needed to ensure that fuse and pcscd were running.

Are they documented somewhere so that I can point other newcomers at it? If not, then it might be something worth adding to the FreeBSD docs, because I could not find that information anywhere.

@evilham I should also clarify that I was aiming to get OATH values for MFA purposes.

I was not trying to use a YubiKey to authenticate over SSH, which I'm guessing from the gpg stuff you suggested might be what you thought I was trying to do.

@TrechNex yep, I use it mostly for SSH auth, but also it works neatly with U2F in Firefox. TBH I haven't used it for OTPs, it's not my YubiKey use-case >,<.

@TrechNex TBH? I'm unsure :-D... I just know I got it to work and in my best fashion, it is neatly documented in a `bootstrap.sh` script, so I can boot off a USB stick, plug in the yubikey and connect places without having to fiddle around.

Did this work for you? If so, would you consider writing it down in a wiki-like fashion and adding it to wiki.FreeBSD.org?

@evilham I didn't try it, I starred your toot because I wanted to make sure I did some reading and then got back to you. 🙂

I have switched back to Linux now, so if I did try it out then it would probably be in a VM of some description.

@TrechNex makes sense ^^ we all just want to do things.
If I do try to use OTP with the YubiKey I'll make sure to tell you if it works :-p.
