Open timcanham opened 7 years ago
Did you try adding yourself to the plugdev group? (or whichever group your udev rules are using for the yubikey) <- the root user isn't magic (most of the time) but it usually has more memberships than normal users, hence why it can see the device but you can't.
As far as I can tell I have been a member of that group since default install. I haven't touched my memberships and this is what I'm a member of:
$ groups
m adm dialout cdrom floppy sudo audio dip video plugdev netdev
plugdev is the one that keeps being used in pretty much all of the examples/instructions for how to set up udev for devices (Yubikeys included).
As a side note, I have an ATMega32u4 that I can interact with (e.g. flashing QMK firmware), and that's been working even without compiling a custom kernel. This Yubikey business is really throwing me for a loop.
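A triage sketch for the "root can see the device but my user can't" symptom discussed above, added here as an example and not code from any participant or from the WSL or usbipd-win projects. It maps the Yubico line of lsusb output to its /dev/bus/usb node and evaluates the node's mode, owner and group against a user's group list; the function names are hypothetical, `stat -c` assumes GNU coreutils, and it covers only the raw USB node, not pcscd or any other layer.

```shell
#!/bin/sh
# Added triage example (hypothetical helper names, not from the thread).
YUBICO_VID="1050"  # vendor ID shown in the lsusb output quoted in this thread

# lsusb line quoted in the thread, reused here as offline sample input.
SAMPLE_LSUSB='Bus 001 Device 003: ID 1050:0407 Yubico.com Yubikey 4 OTP+U2F+CCID'

# Read lsusb output on stdin; print the /dev/bus/usb node of each Yubico device.
yubikey_nodes() {
    sed -n -E "s|^Bus ([0-9]{3}) Device ([0-9]{3}): ID ${YUBICO_VID}:[0-9a-fA-F]{4}.*|/dev/bus/usb/\1/\2|p"
}

# node_verdict MODE OWNER GROUP USER "USER GROUP LIST"
# Classic Unix check: owner bits, else group bits, else other bits.
# Prints "rw" if the user gets read+write, otherwise "denied:<class>".
node_verdict() {
    mode=$1; owner=$2; group=$3; user=$4; memberships=" $5 "
    if [ "$user" = "root" ]; then echo "rw"; return 0; fi  # root bypasses mode bits
    perms=$(printf '%s' "000$mode" | sed -E 's/.*(...)$/\1/')  # last three octal digits
    if [ "$user" = "$owner" ]; then
        class=owner; digit=$(printf '%s' "$perms" | cut -c1)
    else
        case "$memberships" in
            *" $group "*) class=group; digit=$(printf '%s' "$perms" | cut -c2) ;;
            *)            class=other; digit=$(printf '%s' "$perms" | cut -c3) ;;
        esac
    fi
    case "$digit" in
        6|7) echo "rw" ;;
        *)   echo "denied:$class" ;;
    esac
}

# With --live: inspect the real device nodes for the current user.
# Without arguments: run the check on the sample line with constructed values.
if [ "${1:-}" = "--live" ]; then
    lsusb | yubikey_nodes | while read -r node; do
        set -- $(stat -c '%a %U %G' "$node")
        echo "$node mode=$1 owner=$2 group=$3 -> $(node_verdict "$1" "$2" "$3" "$(id -un)" "$(id -Gn)")"
    done
else
    node=$(printf '%s\n' "$SAMPLE_LSUSB" | yubikey_nodes)
    # Constructed case: node left root:root 0600, user "m" is in plugdev.
    echo "$node -> $(node_verdict 600 root root m 'm adm plugdev')"
fi
```

A `denied:other` verdict means group membership alone cannot help, because the node itself was never handed to that group.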
I recently reinstalled to Windows 11. Following these instructions https://docs.microsoft.com/en-us/windows/wsl/connect-usb (making doubly sure to update to the latest wsl-kernel) I still had the same initial issue; I could access the Yubikey as root, but not as non-root.
However, this workaround, sudo service pcscd start (https://github.com/dorssel/usbipd-win/discussions/127#discussioncomment-1817105), makes the Yubikey available in usersworld for me.
I only wish this was a bit smoother, e.g. by being able to tell pcscd to restart when it sees the device using udev rules (for now), but I couldn't figure out how to make that work. In all other regards my Yubikey now works the way I want it to, even if it means having to manually restart pcscd.
Your gpg-related functionality works well, right?
How about FIDO2-related ones? (e.g. ykman list and ykman fido info, ran as the root of course)
Your gpg-related functionality works well, right?
Yup. I use it mainly for this.
How about FIDO2-related ones? (e.g. ykman list and ykman fido info, ran as the root of course)
I haven't used these so I'm just entering them as you state them;
$ ykman list
YubiKey 5C Nano (5.1.2) [OTP+FIDO+CCID] Serial: [redacted]
$ ykman info
Device type: YubiKey 5C Nano
Serial number: [redacted]
Firmware version: 5.1.2
Form factor: Nano (USB-C)
Enabled USB interfaces: OTP, FIDO, CCID
Applications
FIDO2 Enabled
OTP Enabled
FIDO U2F Enabled
OATH Enabled
YubiHSM Auth Not available
OpenPGP Enabled
PIV Enabled
The command below made no difference when run as root.
$ ykman fido info
Error: No YubiKey found with the given interface(s)
😮 My Yubikey Blue isn't detected even on restarting pcscd, sadly (contrary to yours). What's wrong...
Blue is the FIDO one, right? Are we sure that one works yet? So far I've only seen confirmations for the 5 series nano and the regular one (keychain nfc).
Tacking on my personal experience here as well.
Your gpg-related functionality works well, right?
Yes. After attaching the device and starting pcscd with sudo service pcscd start, I am able to use the YubiKey with gpg --card-status.
How about FIDO2-related ones? (e.g. ykman list and ykman fido info, ran as the root of course)
Similar story to @matrixes here. ykman list works, but not ykman fido info.
PowerShell:
PS C:\WINDOWS\system32> usbipd wsl list
BUSID DEVICE STATE
1-3 Goodix fingerprint Not attached
1-4 MediaTek Bluetooth Adapter Not attached
2-2 Microsoft Usbccid Smartcard Reader (WUDF), USB Input Device Not attached
2-3 USB Input Device Not attached
PS C:\WINDOWS\system32> usbipd wsl attach -b 2-2
gpg:
bacongobbler@broodlord ~ ><> lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID 1050:0407 Yubico.com Yubikey 4 OTP+U2F+CCID
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
bacongobbler@broodlord ~ ><> sudo service pcscd restart
* Restarting PCSC Lite resource manager pcscd [ OK ]
bacongobbler@broodlord ~ ><> gpg --card-status
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Application ID ...: D2760001240103040006151497850000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 15149785
Name of cardholder: Matthew Fisher
Language prefs ...: en
Salutation .......:
URL of public key : https://github.com/bacongobbler.gpg
Login data .......: bacongobbler
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 221
KDF setting ......: off
Signature key ....: FEC0 BAEB F34B D22B DFB8 F385 887E D804 87CE 4E0F
created ....: 2021-10-14 16:36:07
Encryption key....: AF60 23B1 29F9 8869 8640 FFAC 8B4D 4C49 9708 809C
created ....: 2021-10-14 16:36:34
Authentication key: AAC1 542B 6F2D 1F81 16E5 C36B 9C67 2D4C 8C6C AE87
created ....: 2021-10-14 16:36:56
General key info..: [none]
ykman:
bacongobbler@broodlord ~ ><> ykman info
Device type: YubiKey 5 NFC
Serial number: 15149785
Firmware version: 5.4.3
Form factor: Keychain (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled.
Applications USB NFC
FIDO2 Enabled Enabled
OTP Enabled Enabled
FIDO U2F Enabled Enabled
OATH Enabled Enabled
YubiHSM Auth Enabled Enabled
OpenPGP Enabled Enabled
PIV Enabled Enabled
bacongobbler@broodlord ~ ><> ykman fido info
Error: No YubiKey found with the given interface(s)
As a result I am unable to access the FIDO2 resident key for SSH, so I have to resort to using the GPG key instead.
I got this working and wrote a tutorial, for anyone interested.
@1-bit-wonder does this work for user presence detection as well as setting a pin? Have you noticed any issues with that approach?
I'm currently using windows-fido-bridge but it isn't fully reliable and doesn't work properly with ssh-agent. So I'm keen on finding better solutions.
@Neurrone my pin was already set, so I can't say for sure, but I assume it should just work. It takes the pin fine on operations that require it. Can confirm user presence detection works.
Is USB/IP going to be the only solution for connecting USB devices to WSL? As far as I know, this solution doesn't capture all cases, and sometimes traditional passthrough is essential. I'm not sure if pentesting with wifi adapters (toggling monitor mode) works with this solution but a super niche case that I know for sure doesn't work is Checkra1n. I assume the reason this issue is still open is because others also want this.
Why has Microsoft chosen this route, are there unresolvable issues with adding options for typical USB passthrough like other VM solutions?
I got this working and wrote a tutorial, for anyone interested.
Thanks, you motivated me to try it, and now my ESP32's are flashing over WSL. 😱 A painless process to set up, although admin prompt in Windows as I needed to force bind (using WireShark libUSBcap so --force), but 2-lines to mount/dismount makes it not overly hard and composite devices work fine.
Has there been any sign from the team that they intend to support this natively? While usbipd works on Intel, it unfortunately isn't supported (nor looks likely to be) on Arm (which makes working with the dev kit unpleasant).
Is it possible to get native support for this? usbipd unfortunately only works if you have administrator access, which I don't on my work machine, and that limits the ability to use Yubikeys from WSL Linux distros. USB passthrough shouldn't need Local Admin.
Hi.. has anyone managed to get this working with usb wifi adapters? I did the attach and when I do lsusb on wsl I get
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 2357:011e TP-Link AC600 wireless Realtek RTL8811AU [Archer T2U Nano]
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
but when doing iwconfig I still can't see any wi-fi adapters
WiFi is shared from Windows to WSL, no need to set it up on WSL.
Is native support coming?
Another ping and request for status on native USB support. Especially valuable for embedded devices, serial ports etc. Many kudos to https://github.com/dorssel/usbipd-win/, but this really needs to be supported natively. Is it in any timeline?
This bug-tracker is monitored by developers and other technical types. We like detail! So please use this form and tell us, concisely but precisely, what's up. Please fill out ALL THE FIELDS!
If you have a feature request, please post to the UserVoice. If you're reporting a BSOD, don't post here! Instead, e-mail "secure@microsoft.com", and if possible attach the minidump from "C:\Windows\minidump\".
Your Windows build number: Microsoft Windows [Version 10.0.14393]
What you're doing and what's happening: Trying to use the adb package to talk to embedded boards via USB. Used apt-get to install it.
What's wrong / what should be happening instead: The adb utility finds no devices.
Strace of the failing command, if applicable: (If <cmd> is failing, then run strace -o strace.txt -ff <cmd>, and post the strace.txt output here) n/a
See our contributing instructions for assistance.