yubikey-touch-detector: Not detecting U2F from WebAuthn?
I am unsure if i am doing something wrong here, so please bear with me.
I started the application using the command
yubikey-touch-detector -v
and i got the output here:
DEBU[2020-03-07T11:11:22-05:00] Starting YubiKey touch detector
DEBU[2020-03-07T11:11:22-05:00] SSH watcher is successfully established
DEBU[2020-03-07T11:11:22-05:00] GPG watcher is successfully established
DEBU[2020-03-07T11:11:22-05:00] U2F watcher is successfully established
Then i went here and typed a random username and clicked register
, then yubikey started flashing and the website showed a screen for me to touch the yubikey, however the output of the terminal didnt change.
I am trying to integrate this with waybar, and i used the same script listed here
however when running this script i got a error saying the following :
waybar-yubikey
nc: invalid option -- 'U'
Try `nc --help' for more information.
I then made a modification to make -U
lowercase and be -u
but then i got this error:
Error: Couldn't resolve host "/run/user/1000/yubikey-touch-detector.socket"
I have no idea how to continue, i went to that url in the browser and the socket file does exist⌠so i have no idea why netcat isnât able to connect to it. Any help?
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 19 (9 by maintainers)
@ChadTaljaardt would you be able to test U2F detection in this binary? Itâs a complete rewrite of U2F/FIDO2 support that doesnât depend on any file watcher hacks, but properly reading HID device according to the spec. Thanks!
UPDATED LINK 2: new-u2f.tar.gz
Awesome! Happy to help, enjoy, and thanks for even letting me know about WebAuthn đ
I have found a promising way to detect all U2F requests that does not depend on
pam-u2f
, will get back to you later with something to test đHey, thanks for reporting!
I confirm that the app does not detect it. The reason we can detect U2F when
pam
is involved in the first place is simply because I was able to tap intopam-u2f
codebase and add some marker that yubikey-touch-detector can use.When browsers request U2F, they donât use
pam-u2f
, so the markers donât get created. Furthermore, Iâm afraid different browsers use different code for U2F communication, and there is no âcommon groundâ such as a driver or a library where we would be able to inject some code to help us detect this eventâŚIâm very much open to ideas on how to detect this.
Make sure to install openbsd version of netcat, if you are on Arch Linux, itâs openbsd-netcat.