# Howto for managing a yubikey in FreeBSD?



## VucanRidr (Mar 28, 2022)

Title pretty much says it all. I have googled and searched the forums, but have not found any definitive documentation on how to set one up.

I have two Yubikey 4s, and when I plug either of them into the computer (13.0-RELEASE-p8), dmesg sees them as plugged in:


```
ugen0.11: <Yubico Yubikey 4 OTP+U2F+CCID> at usbus0
ukbd2 numa-domain 0 on uhub0
ukbd2: <Yubico Yubikey 4 OTP+U2F+CCID, class 0/0, rev 2.00/4.37, addr 28> on usbus0
kbd4 at ukbd2
uhid1 numa-domain 0 on uhub0
uhid1: <Yubico Yubikey 4 OTP+U2F+CCID, class 0/0, rev 2.00/4.37, addr 28> on usbus0
```

However, none of the apps seem to be able to see either one of the devices. `ykman list` says:

```
WARNING: PC/SC not available. Smart card protocols will not function.
WARNING: No OTP HID backend available. OTP protocols will not function.
```

ykman gives a different error:

```
NameError: name 'yubikey' is not defined
)
qml: qrc:/qml/YubiKey.qml:205: Error: Cannot assign [undefined] to int
"PyOtherSide error: Traceback (most recent call last):\n\n  File \"<string>\", li
ne 1, in <module>\n\nNameError: name 'yubikey' is not defined\n"
qml: Function not found: 'yubikey.controller.count_devices' (Traceback (most rece
nt call last):

  File "<string>", line 1, in <module>

NameError: name 'yubikey' is not defined
)
```

And ykpersonalize-gui says that no yubikey is plugged in. How do I get FreeBSD to recognize the keys?

Thanks,
--vr


----------



## msplsh (Mar 28, 2022)

Have pcsc-lite installed? That might fulfill the PC/SC requirements.

Other interesting ports are opensc, libccid, libfido2, py-fido2.


----------



## VucanRidr (Mar 28, 2022)

pcsc-lite is installed. Do I need to install the other packages? It just seems odd that even ykpersonalize doesn't see the plugged-in key...

I just feel like I am missing the right way of putting this pile of lego pieces together.


----------



## msplsh (Mar 28, 2022)

Well, ykman is Python, so you'll need Python connectors to all the libraries you will use, like py-fido2. ykpersonalize might not be using the right mode if you're using the GUI, although I wouldn't use that tool because it seems to be extremely destructive write-only.


----------



## daemonhorn (Sep 17, 2022)

I started to document my Yubikey configuration notes on FreeBSD 13.1+ here: https://gist.github.com/daemonhorn/bdd77a7bc0ff5842e5a31d999b96e1f1

OP likely was missing "service pcscd enable && service pcscd start", or was running without applicable privs to the /dev/uhid* devices. (You need to be root, or set up u2f-dev rules to allow group access to users.)

I've been successful with the Yubikey 5 and the Yubikey Security Key NFC (BLUE). Works well with Firefox, openssh, yubikey utilities, pcsc-lite. OpenSSH's FIDO2 interfaces are a bit more fiddly than the tried and true pkcs#11 interfaces, but it all works once you get through the details of configuration.

Good Luck.


----------
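The two causes named in the last post (pcscd not enabled, no read/write access to the /dev/uhid* nodes) can be checked with a short script. This is an added example, not part of the thread or of the linked gist; the function names, the `--run` flag, the use of /etc/rc.conf and the `ls -ln` column layout are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): checks for the two causes named above.
# Assumed: /etc/rc.conf as the rc file, the /dev/uhid* glob, `ls -ln` columns.

# rc_enabled FILE VAR: succeed if the last VAR= assignment in FILE is YES.
rc_enabled() {
    val=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" "$1" \
        2>/dev/null | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# can_rw MODE OWNER_UID OWNER_GID UID "GIDS": succeed if a user with UID and
# group list GIDS may read and write a node with `ls -ln` mode string MODE.
can_rw() {
    if [ "$4" -eq 0 ]; then return 0; fi            # root bypasses mode bits
    if [ "$4" -eq "$2" ]; then
        perms=$(printf '%s' "$1" | cut -c2-3)       # owner class
    else
        perms=$(printf '%s' "$1" | cut -c8-9)       # "other" class
        for g in $5; do
            if [ "$g" -eq "$3" ]; then
                perms=$(printf '%s' "$1" | cut -c5-6)   # group class
            fi
        done
    fi
    [ "$perms" = "rw" ]
}

# report: run both checks against the live system.
report() {
    rc_enabled /etc/rc.conf pcscd_enable ||
        echo "pcscd_enable is not YES in /etc/rc.conf"
    ls -ln /dev/uhid* 2>/dev/null | while read -r mode links ouid ogid rest; do
        can_rw "$mode" "$ouid" "$ogid" "$(id -u)" "$(id -G)" ||
            echo "no read/write access for uid $(id -u): ${rest##* }"
    done
}

case "${1:-}" in --run) report ;; esac
```

Run it as the user who will use the key, with `--run`; no output means both checks passed. A node that is only group-accessible shows up until that user is added to the owning group and logs in again.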

