# Share USB Device over Network with socat



## tuaris (Tuesday at 8:46 AM)

I have the following USB device installed on a Raspberry Pi running FreeBSD 13.1:


```
# usbconfig -d ugen1.4 show_ifdrv
ugen1.4: <Yubico Yubikey 4 OTP+U2F+CCID> at usbus1, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (30mA)
ugen1.4.0: ukbd0: <Yubico Yubikey 4 OTP+U2F+CCID, class 0/0, rev 2.00/4.42, addr 4>
ugen1.4.1: uhid0: <Yubico Yubikey 4 OTP+U2F+CCID, class 0/0, rev 2.00/4.42, addr 4>
```

I would like to attach that device to a remote FreeBSD 13.1 server running as a virtual machine.

I have successfully done something similar with a Z-WAVE USB dongle for misc/openhab using net/socat and net/ser2net. However, this question has nothing to do with OpenHAB.

I have tried the following.

On the Raspberry Pi:
`socat tcp-l:3334,keepalive,reuseaddr /dev/ugen1.4`

On the remote virtual server:
`socat pty,link=/dev/ugen1.4,ignoreof,waitslave tcp:192.168.0.72:3334`

The `usbconfig` command does not list it as a device:


```
# usbconfig
ugen0.1: <(0x15ad) UHCI root HUB> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
ugen1.1: <(0x15ad) EHCI root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen0.2: <VMware VMware Virtual USB Mouse> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (0mA)
ugen0.3: <VMware, Inc. VMware Virtual USB Hub> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
```

I also tried using /dev/ukbd0 and /dev/uhid0 directly, but `ykman piv info` reports nothing found.


----------



## alexseitsinger (Tuesday at 10:59 PM)

Perhaps I'm overlooking something here, but wouldn't doing this (sharing it over a network) "defeat the purpose" of using it for authentication?

All approaches for human authentication rely on at least one of the following:

- _Something you know_ (eg. a password)
- _Something you have_ (eg. a smartcard)
- _Something you are_ (eg. a fingerprint)
- Someone you know (eg. celebrity or public figure)\*

(see: https://www.cs.cornell.edu/courses/cs513/2005fa/NNLauthPeople.html)



\* Not srs


----------



## tuaris (Yesterday at 5:53 AM)

alexseitsinger said:


> Perhaps I'm overlooking something here, but wouldn't doing this (sharing it over a network) "defeat the purpose" of using it for authentication?
> 
> All approaches for human authentication rely on at least one of the following:
> 
> ...


Actually the opposite is true in my use case (in my opinion at least). It's a perfectly valid situation:

- Rather than have the Yubikey attached to one of the USB ports on the hypervisor in a separate room, the key remains with me.
- There is less chance that the key gets attached to the wrong VM
- It does not occupy one of the limited amount of USB ports on a server
- USB pass through to a guest VM on the hypervisor is not always reliable
- Can't take advantage of VMware's VMotion feature if the VM is reliant on a USB device being connected physically to the host server


----------



## monwarez (Yesterday at 6:36 AM)

Have you tried to do this with /dev/usb/1.4.0 (and all the others in 1.4.*)?
And then simply do the symlink /dev/ugen1.4 -> usb/1.4.0

And if it still does not work, complete it with each device (ukbd, uhid).

Is the use case SSH key authentication? Or is more functionality needed?


----------



## Alain De Vos (Yesterday at 8:17 AM)

Sorry, what does "attach" mean? You can also use an ssh-filesystem mount, for instance.





How To Use SSHFS to Mount Remote File Systems Over SSH | DigitalOcean (www.digitalocean.com)


----------



## alexseitsinger (Yesterday at 4:44 PM)

tuaris said:


> Actually the opposite is true in my use case (in my opinion at least).  It's a perfectly valid situation:
> 
> Rather than have the Yubikey attached to one of the USB ports on the hypervisor in a separate room, the key remains with me.
> There is less chance that the key gets attached to the wrong VM
> ...


It really sounds like you want to eliminate the usefulness of the Yubikey here, for me.

Perhaps if you gave me an example use case it would make more sense?


----------

