
Using U2F Keys with non-Chrome browsers or Linux

The following notes are largely plagiarized, based on information provided by a clever person in OIT. 

You may need to make a special configuration to make U2F keys work with Duo using browsers other than Chrome, or under Linux.

Changing the User Agent String for Firefox, Vivaldi, Opera

You need a browser plugin called “Custom UserAgent String”.

Once you have it installed, you just have to set a trigger URL. For the trigger, you want:

       https://shib.ncsu.edu/idp/profile/SAML2/Redirect

To return the browser string of:

     Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.1

Linux Configuration

(1) Make sure udev is set up so that your hidraw device is available.

You can do this by adding the information below to the u2f.rules file in the /etc/udev/rules.d directory. This is a device mapping file.

(This has been tried under RHEL but not Ubuntu, although it is believed to work similarly – if not, you’ll need to check the mapping to custom rules for udev.)

#------------------/etc/udev/rules.d/u2f.rules------------------------------
# this udev file should be used with udev 188 and newer
ACTION!="add|change", GOTO="u2f_end"

# Yubico YubiKey
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess"

# Happlink (formerly Plug-Up) Security KEY
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"

#  Neowave Keydo and Keydo AES
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess"

# Feitian ePass FIDO
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850", TAG+="uaccess"

# JaCarta U2F
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101", TAG+="uaccess"

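# U2F Zero u2f
# (IDs are written in lower case: udev compares them case-sensitively against sysfs, which reports lower-case hex)
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess"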

LABEL="u2f_end"
#------------------u2f.rules-----------------------------------

(2) Reboot

(3) Check with lsusb

You should see your device in the output of the “lsusb” command:

Example:

[150] astaroth ~>lsusb 
... 
Bus 003 Device 003: ID 096e:0880 Feitian Technologies, Inc.

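Your device should match the 096e string as shown above. That string is the vendor ID; a rule applies only when the product ID after the colon is also listed in that rule's idProduct.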
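
To check step (3) against step (1), the following added example (not part of the original notes) tests whether an ID printed by lsusb is covered by a uaccess rule in a rules file. The names rule_covers and sample_rules and the sample rules are constructed for illustration, and the parser assumes literal "a|b|c" lists with no glob characters.

```shell
#!/bin/sh
# Added example: is a USB ID from lsusb covered by a hidraw/uaccess rule?
# Assumption: rule values are literal "a|b|c" alternatives (no glob characters).
rule_covers() {   # usage: rule_covers RULES_FILE VID:PID ; exit 0 if covered
    awk -v id="$2" '
        BEGIN { split(tolower(id), p, ":"); found = 0 }  # sysfs IDs are lower-case hex
        /^[ \t]*#/ { next }                              # skip comment lines
        /uaccess/ {
            v = attr($0, "idVendor"); pr = attr($0, "idProduct")
            if (inlist(v, p[1]) && inlist(pr, p[2])) found = 1
        }
        END { exit !found }
        # attr: value inside ATTRS{name}=="value", or "" when absent
        function attr(line, name,   re, s) {
            re = "ATTRS[{]" name "[}]==\"[^\"]*\""
            if (!match(line, re)) return ""
            s = substr(line, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
            return s
        }
        # inlist: case-sensitive membership test, the way udev compares strings
        function inlist(list, want,   n, i, a) {
            n = split(list, a, "|")
            for (i = 1; i <= n; i++) if (a[i] == want) return 1
            return 0
        }
    ' "$1"
}

# Constructed sample rules, modelled on the rule lines in this page
sample_rules() {
    cat <<'EOF'
# Yubico YubiKey (shortened product list)
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0407|0410", TAG+="uaccess"
# Feitian ePass FIDO
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850", TAG+="uaccess"
# U2F Zero with IDs typed in upper case: never matches lower-case sysfs values
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10C4", ATTRS{idProduct}=="8ACF", TAG+="uaccess"
EOF
}

# Demo: the ID from the lsusb example on this page, plus two others
rules=$(mktemp); sample_rules > "$rules"
for id in 096e:0850 096e:0880 10c4:8acf; do
    if rule_covers "$rules" "$id"; then echo "$id covered"; else echo "$id NOT covered"; fi
done
rm -f "$rules"
```

Run it against the installed file by passing /etc/udev/rules.d/u2f.rules and the ID from your own lsusb line; a "NOT covered" result means the device node will not receive the uaccess tag from that file.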