RE: Yubico Security Keys
On Thu, Sep 06, 2018 at 01:48:10PM +0200, Niclas Zeising wrote: > > Yes, that works (using /etc/devfs.rules). Thanks. I also got it to work > > using /etc/devd.conf > > > > # Yubico Security Key > > attach 100 { > > match "vendor" "0x1050"; > > match "product" "0x0120"; > > device-name "uhid[0-9]+"; > > action "/usr/sbin/chown robert /dev/$device-name"; > > }; > > > > running "usbconfig dump_device_desc" to get the vendor and product ids. > > I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0. Not sure which is > > the more correct way to do this. But they both work. > > > > So things now work great on the Yubico demo site. Sadly I cannot get it > > to work in Google. Google doesn't respond when I press the gold disc > > during the registration process. > > > There is a port, security/u2f-devd [0] that sets up devd rules for use > with yubico and other devices. That works great for me. Install it and > follow the instructions. > > [0] https://www.freshports.org/security/u2f-devd/ Just to close this out, the Yubikey DOES work with Google using Firefox. The only catch is you can't register a key with Google using Firefox. You have to use Chromium. Once you register your key using Chromium you can use Firefox to login. See explanation here: https://www.ctrl.blog/entry/firefox-u2f-google For the record, what works for me is 11.2-RELEASE, Firefox 60.0.1 from ports/packages along with u2f-devd from ports/packages to handle the setup of devd. And Chromium from ports/packages for the registration step. Thanks to all who sent me pointers. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
RE: Yubico Security Keys
On Wed, Sep 05, 2018 at 01:00:20PM +0930, O'Connor, Daniel wrote: > > On 5 Sep 2018, at 12:43, Robert Ames wrote: > >>> On 5 Sep 2018, at 08:33, Robert Ames wrote: > >>> FreeBSD sees the device: > >>> > >>> Sep 4 17:25:13 freebsd kernel: ugen1.4: > >>> at usbus1 > >>> Sep 4 17:25:13 freebsd kernel: uhid0 on uhub4 > >>> Sep 4 17:25:13 freebsd kernel: uhid0: >>> class 0/0, rev 2.00/5.02, addr 4> on usbus1 > >>> > >>> So should this just work out of the box or is there something I'm > >>> missing? > >> > >> Hi Robert, > >> I don't have any Yubikeys but have you tried checking the permissions of > >> /dev/uhid0* and /dev/ugen1.4 (which will be a symlink to usb/1.4.0) ? > >> You can chmod them for now and then if that works have a devd conf or > >> devfs rule which sets the permissions appropriately when the device is > >> connected. > >> > >> If permissions are the problem it would be nice to see if the error > >> message can be improved too :) > >> > >> -- > >> Daniel O'Connor > > > > I had done a manual chmod 777 /dev/usb/1.4.0 but had overlooked /dev/uhid0. > > Once I did a chmod 777 on that it worked. Thank you. Any suggestions on > > the > > best way to add a devd conf or devfs rule for this thing? > > Add this to /etc/devfs.conf.. > [root=100] > add path 'uhid*' group users mode 660 > > (Assuming your user is in the 'users' group - adjust to taste, devfs(8) has > the details) > > And this to /etc/rc.conf.. > devfs_system_ruleset="root" > > Then do.. > sudo service devfs restart > > And unplug/replug the key. > > -- > Daniel O'Connor Yes, that works (using /etc/devfs.rules). Thanks. I also got it to work using /etc/devd.conf # Yubico Security Key attach 100 { match "vendor" "0x1050"; match "product" "0x0120"; device-name "uhid[0-9]+"; action "/usr/sbin/chown robert /dev/$device-name"; }; running "usbconfig dump_device_desc" to get the vendor and product ids. I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0. Not sure which is the more correct way to do this. But they both work. So things now work great on the Yubico demo site. Sadly I cannot get it to work in Google. Google doesn't respond when I press the gold disc during the registration process. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
RE: Yubico Security Keys
> > On 5 Sep 2018, at 08:33, Robert Ames wrote: > > FreeBSD sees the device: > > > > Sep 4 17:25:13 freebsd kernel: ugen1.4: at > > usbus1 > > Sep 4 17:25:13 freebsd kernel: uhid0 on uhub4 > > Sep 4 17:25:13 freebsd kernel: uhid0: > class 0/0, rev 2.00/5.02, addr 4> on usbus1 > > > > So should this just work out of the box or is there something I'm > > missing? > > Hi Robert, > I don't have any Yubikeys but have you tried checking the permissions of > /dev/uhid0* and /dev/ugen1.4 (which will be a symlink to usb/1.4.0) ? > You can chmod them for now and then if that works have a devd conf or devfs > rule which sets the permissions appropriately when the device is connected. > > If permissions are the problem it would be nice to see if the error message > can be improved too :) > > -- > Daniel O'Connor I had done a manual chmod 777 /dev/usb/1.4.0 but had overlooked /dev/uhid0. Once I did a chmod 777 on that it worked. Thank you. Any suggestions on the best way to add a devd conf or devfs rule for this thing? ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Yubico Security Keys
I just upgraded to 11.2-RELEASE with Firefox 60.0.1_1,1 from packages. It's my understanding Yubico Security Keys should be supported (I have one of the blue ones). In Firefox I did about:config and set security.webauth.u2f to true. When I go to https://demo.yubico.com/u2f to test it, the "Register a U2F device" fails with: Registration failed! Make sure you have a U2F device connected, and try again. Traceback (most recent call last): File "/root/python-u2flib-server-demo/examples/yubiauth_server.py", line 161, in __call__ raise Exception("FIDO Client error: %s" % error) Exception: FIDO Client error: 4 (DEVICE INELIGIBLE) FreeBSD sees the device: Sep 4 17:25:13 freebsd kernel: ugen1.4: at usbus1 Sep 4 17:25:13 freebsd kernel: uhid0 on uhub4 Sep 4 17:25:13 freebsd kernel: uhid0: on usbus1 So should this just work out of the box or is there something I'm missing? ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
calendar -a failing in 10.2-RELEASE
In 10.2-RELEASE running "calendar -a" as root fails when user calendar files have a #include line. This worked in 10.0-RELEASE (and before). From my limited testing I think it's looking for the included files relative to root's home directory and not the user's home directory. The svn repository shows some changes in this area in recent releases. Not sure if this new behavior is intentional. $ uname -a FreeBSD freebsd.example.com 10.2-RELEASE FreeBSD 10.2-RELEASE #0: Sun Dec 20 10:00:14 CST 2015 r...@freebsd.example.com:/usr/obj/usr/src/sys/GENERIC i386 $ id uid=1000(robert) gid=20(staff) groups=20(staff),0(wheel),5(operator) $ date Sun Dec 20 16:47:44 CST 2015 $ cat ~/.calendar/calendar #include $ cat ~/.calendar/moredates 12/20 Today is December 20 $ calendar Dec 20 Today is December 20 root@freebsd# id uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) root@freebsd# calendar -a calendar: can't open calendar file "moredates" ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
FreeBSD-EN-15:06.file
Trying to get caught up on some of the recent Errata Notices and I'm having problems with FreeBSD-EN-15:06.file on 9.3-RELEASE. # cd /usr/src # patch < /tmp/file-9.3.patch After successfully applying hundreds of patches, it eventually fails with Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -- |Index: contrib/file/magic/Magdir/games |=== |--- contrib/file/magic/Magdir/games (revision 0) |+++ contrib/file/magic/Magdir/games (working copy) -- patch: games is not a normal file--can't patch Does anyone have any suggestions? ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: kernel can't find root filesystem
From: "M.Hirsch" <[EMAIL PROTECTED]> I had the same problem with 6.1. But only on some occasions, not always (iirc). The installations I made over the last weeks had all very different environments and deployment methods. I can't tell anymore when it happens and when not because I simply added the below loader.conf setting to my postinstall-script. Add "vfs.root.mountfrom=ufs:da0s1" to /boot/loader.conf to fix it. Thank you. That solves my problem even though it seems more like a workaround than an actual solution. But I'll take it. :-) Also, someone responded asking if I had a valid entry in /etc/fstab for the root filesystem. foo# cat /etc/fstab # DeviceMountpoint FStype Options Dump Pass# /dev/da0s1a / ufs rw 1 1 /dev/da0s1b none swapsw 0 0 /dev/da1s1d /local ufs rw 2 2 /dev/cd0/cdrom cd9660 ro,noauto 0 0 _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
kernel can't find root filesystem
I have an ancient machine that used to run 5.4-RELEASE. I installed 6.1-RELEASE and since the install the kernel has trouble finding the root filesystem when it boots and prompts me for it each time. After I type in the root filesystem specification at the mountroot prompt it boots up and runs fine. I've tried repeating the install but it always ends up like this. What do I need to do to avoid this manual step in the boot process? Copyright (c) 1992-2006 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 6.1-RELEASE #2: Wed Jun 21 18:50:21 CDT 2006 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/FOO Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Cyrix 6x86 (486-class CPU) Origin = "CyrixInstead" DIR=0x1531 Stepping=1 Revision=5 CPU cache: write-through mode real memory = 67108864 (64 MB) avail memory = 60329984 (57 MB) npx0: [FAST] npx0: on motherboard npx0: INT 16 interface cpu0 on motherboard pcib0: pcibus 0 on motherboard pci0: on pcib0 isab0: at device 7.0 on pci0 isa0: on isab0 pci0: at device 7.1 (no driver attached) pci0: at device 17.0 (no driver attached) de0: port 0x6200-0x627f mem 0xe1001000-0xe100107f irq 10 at device 19.0 on pci0 de0: SMC 21041 [10Mb/s] pass 1.1 de0: Ethernet address: 00:e0:29:05:bd:1a pmtimer0 on isa0 orm0: at iomem 0xc-0xc7fff,0xdc000-0xd on isa0 atkbdc0: at port 0x60,0x64 on isa0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] fdc0: at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0 fdc0: [FAST] fd0: <1440-KB 3.5" drive> on fdc0 drive 0 fd1: <1200-KB 5.25" drive> on fdc0 drive 1 ppc0: at port 0x378-0x37f irq 7 on isa0 ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode ppbus0: on ppc0 plip0: on ppbus0 lpt0: on ppbus0 lpt0: Interrupt-driven port ppi0: on ppbus0 sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 sio0: type 16550A sio1 at port 0x2f8-0x2ff irq 3 on isa0 sio1: type 16550A vga0: at port 0x3c0-0x3df iomem 0xa-0xb on isa0 aha1 at port 0x330-0x333 irq 11 drq 5 on isa0 aha1: AHA-1542CF FW Rev. B.0 (ID=45) SCSI Host Adapter, SCSI ID 7, 16 CCBs aha1: [GIANT-LOCKED] unknown: can't assign resources (port) speaker0: at port 0x61 on isa0 unknown: can't assign resources (memory) unknown: can't assign resources (port) unknown: can't assign resources (port) unknown: can't assign resources (port) unknown: can't assign resources (port) Timecounters tick every 1.000 msec de0: enabling 10baseT port Waiting 15 seconds for SCSI devices to settle cd0 at aha1 bus 0 target 6 lun 0 cd0: Removable CD-ROM SCSI-2 device cd0: 3.300MB/s transfers cd0: Attempt to query device size failed: NOT READY, Medium not present da0 at aha1 bus 0 target 0 lun 0 da0: Fixed Direct Access SCSI-2 device da0: 3.300MB/s transfers da0: 2048MB (4194304 512 byte sectors: 64H 32S/T 2048C) da1 at aha1 bus 0 target 1 lun 0 da1: Fixed Direct Access SCSI-2 device da1: 3.300MB/s transfers da1: 2048MB (4194304 512 byte sectors: 64H 32S/T 2048C) Manual root filesystem specification: : Mount using filesystem eg. ufs:da0s1a ? List valid disk boot devices Abort manual input mountroot> ufs:da0s1a Trying to mount root from ufs:da0s1a It starts executing /etc/rc here and continues without any problems. _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"