Apparently wrong Udev rules are provided on the site, sorry for that. Please download and use file from firmware home site: 70-u2f.rules. After the download you could use this simple installation script: install_rules.sh. Example run using terminal:
wget https://raw.githubusercontent.com/Nitrokey/nitrokey-fido-u2f-firmware/master/70-u2f.rules
wget https://raw.githubusercontent.com/Nitrokey/nitrokey-fido-u2f-firmware/master/install_rules.sh
bash install_rules.sh
# please input your password when asked
If it will not work immediately after running that, please reboot your OS and try again accessing the device in a browser. Here is a simple test site: https://u2f.bin.coffee/.
Guide regarding setting the Firefox looks fine.
If that fails, here are simple hardware checks:
Could you tell, is the device showing up? E.g. via the terminal command:
$ lsusb -d 20a0:4287
Bus 003 Device 015: ID 20a0:4287 Clay Logic
Device should blink once, just after the insertion. Could you confirm the same behaviour on your hardware?
If it will still not work, I will provide further instructions, which would involve execution of a Python tool. I am almost sure though the wrong Udev rules are the cause in this case.
@nitroalex Could you correct the documentation please, specifically the Udev rules file? Perhaps you could reuse my reply regarding automatic rules installation on Ubuntu-like OSes.
I see. Device seems to boot properly (blinks once), and is not blinking constantly (which would mean key initialization issue). It also shows up in the OS as an USB device (so its MCU work). And your other U2F device works.
Just to clear my assumptions:
Could you describe how browser behaves, when you are issuing the U2F request on the test site? Is it returning instantly with failure message, or after 30 seconds?
Does the device blink, when the U2F request was sent?
Could you insert the device just after issuing the U2F request on the test site (during the 30 seconds period, counting from the U2F request sending)?
By the U2F request I mean either U2F registration or U2F authentication / signature.
I plan to provide the diagnostic tool tomorrow.
I am experiencing the same issue with PureBrowser 60.1.0 (~= Firefox 60.1.0). I have the same diagnostic results as @sm0rux when running without udev rules, and with the new udev rules provided by @szszszsz
The u2f.bin.coffee website suggests setting security.webauth.u2f_enable_softtoken to true. This setting doesn’t exist, but security.webauth.webauthn_enable_softtoken does. I assume this should not be set to true (despite the instructions) because we’re testing a USB token, not a soft token.
If I do enable security.webauth.webauthn_enable_softtoken should u2f.bin.coffee work? In my case it doesn’t.
I’ve tried both with security.webauth.webauthn_enable_softtoken as true and as false - same same, in other words it doesn’t work.
If the udev rules was wrong the biggest question is if ANYONE using Ubuntu (or derivates) 18.04 got Nitrokey FIDO U2F key to work? Do you guys at Nitrokey get your keys to work? Or should I move to Yubikey?
Of course we do use our devices successfully with Linux and Firefox. If you are not satisfied you can return it anytime. But I believe it’s just a matter of configuring your UDEV rules. More on this later.
For completeness: security.webauth.u2f must be true. For me security.webauth.webauthn_enable_softtoken is false but I’m not sure if it’s relevant. Please check that you don’t have a FIDO/U2F related add-on installed in your browser.
Yes, I agree with you - very strange that no one else had these problems. I mean that Ubuntu 18.04 and derivates are not that rare to use
I noticed on Twitter that I can’t activate the Nitrokey FIDO U2F when using Firefox. However, activating using Chrome allows me to login using Firefox. I think I’ve read the same when it comes to Google.
One annoying thing thing when it comes to use of the key is that Twitter also activates 2FA via Twitter when using the USB key. If I deactivate U2F via SMS also U2F using the stick is deactivated. This is of course totally out of your control and the same happens when using a Yubikey.
Again - thanks for all your support. @jan, now I’m happy again
Btw - I saw two guys with Nitrokey jackets at #35c3. Was it anyone of you? Will we meet at Fosdem?
I also confirm that the 41-nitrokey.rulse that @nitroalex mentioned, works for me on my Ubuntu 18.04 instead of the 41-nitrokey.rules from the nitrokey-com main site!
Please give a hint on your main site nitrokey-com for Ubuntu 18.04 users.
It takes me some time to check in the forum if somebody has the same issue
Hi @d3vid!
Nice guide! Could you mention please what OS and version you are using there? I guess that is PureOS, right? It might confuse other Debian-based distro users. E.g. this will not work for Ubuntu 18.04 LTS due to the old package version - 1.1.4 [1], but will in U18.10 [2] (1.1.6).
@szszszsz Thanks for the feedback. I’ve updated my comment to make it clear I’m talking about PureOS, and the info has been moved to the PureOS wiki (so the context should be clear there too).