Titan Security Key

During Nullcon I got a Titan Security Key. This device by Google is very similar to the popular YubiKeys. Unlike the first generation of YubiKeys, the Titan Security Key does not generate an OTP (one-time password) but supports FIDO as a second factor. Besides websites and the like, the device can also be used for local access to a system. This means that I would only have to carry around one key to rule them all and can use my old YubiKey as a backup.

The Titan Key shows up immediately after it is plugged in.

[116764.047928] usb 1-9: reset full-speed USB device number 5 using xhci_hcd
[121937.920395] usb 1-1: new full-speed USB device number 22 using xhci_hcd
[121938.047491] usb 1-1: New USB device found, idVendor=096e, idProduct=0858, bcdDevice=44.00
[121938.047501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[121938.047507] usb 1-1: Product: U2F
[121938.047513] usb 1-1: Manufacturer: FT
[121938.055623] hid-generic 0003:096E:0858.0011: hiddev96,hidraw3: USB HID v1.00 Device [FT U2F] on usb-0000:00:14.0-1/input0

To get the Titan Security Key working a new udev rule is needed.

Create a file for the rule:

$ sudo vi /etc/udev/rules.d/60-titan-key.rules

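Add the following rule. udev only applies it when ATTRS{idVendor} and ATTRS{idProduct} match the IDs the kernel log reports for the key (idVendor=096e, idProduct=0858 in the output above), so adjust them if your key reports different values: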

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess"

After you are done, a reload of the udev rules is required.

$ sudo udevadm control --reload-rules
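
A quick check that a udev rule actually covers the device the kernel reported, as an added example that is not part of the original post. The function names are made up for this sketch; LOG_LINE and PAGE_RULE are copied from this page, and ALT_RULE is constructed from the IDs in the log for comparison.

```shell
#!/bin/sh
# Compare the USB IDs in a "New USB device found" kernel log line with the
# ATTRS{idVendor}/ATTRS{idProduct} matches of a udev rule.

# log_attr NAME LINE: 4-digit hex value of NAME=... in a kernel log line
log_attr() { printf '%s\n' "$2" | sed -n 's/.*'"$1"'=\([0-9a-fA-F]\{4\}\).*/\1/p'; }

# rule_attr NAME RULE: quoted value of ATTRS{NAME}=="..." in a udev rule
rule_attr() { printf '%s\n' "$2" | sed -n 's/.*ATTRS{'"$1"'}=="\([^"]*\)".*/\1/p'; }

# matches_alt VALUE "a|b|c": udev treats | as alternation inside a match value
matches_alt() {
    old_ifs=$IFS; IFS='|'
    for alt in $2; do
        [ "$1" = "$alt" ] && { IFS=$old_ifs; return 0; }
    done
    IFS=$old_ifs; return 1
}

# rule_matches_device LOG_LINE RULE: 0 = rule covers device, 1 = it does not,
# 2 = the log line carries no vendor/product IDs
rule_matches_device() {
    dev_v=$(log_attr idVendor "$1"); dev_p=$(log_attr idProduct "$1")
    [ -n "$dev_v" ] && [ -n "$dev_p" ] || return 2
    matches_alt "$dev_v" "$(rule_attr idVendor "$2")" &&
        matches_alt "$dev_p" "$(rule_attr idProduct "$2")"
}

# Kernel log line and rule exactly as shown on this page
LOG_LINE='[121938.047491] usb 1-1: New USB device found, idVendor=096e, idProduct=0858, bcdDevice=44.00'
PAGE_RULE='KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess"'
# Constructed for comparison: same rule with the IDs from the log line
ALT_RULE='KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0858", TAG+="uaccess"'

for rule in "$PAGE_RULE" "$ALT_RULE"; do
    if rule_matches_device "$LOG_LINE" "$rule"; then
        echo "covers device: $rule"
    else
        echo "does NOT cover device: $rule"
    fi
done
```

A rule that does not cover the device leaves the hidraw node without the uaccess tag, so the logged-in user cannot open it unless another installed rule already grants access.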

The next step is to associate the Titan Security Key with your local user account. Press the key when it's blinking; pamu2fcfg then prints your details as a single line, and that line goes into the configuration file that pam_u2f reads.

$ pamu2fcfg
user_name:Hxxxc-cHA-3xxxxj-xxxym-xxxX2h-G11_bKZfQ,04xxxxx1a15078c80889

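So far so good. To activate the key in the authentication process, add the following line to the file in /etc/pam.d/ where you want to use it. With the sufficient control flag, a successful response from the key ends the auth stack with success (provided no earlier required module failed), so the modules after it, such as the password prompt, are skipped; use required instead if the key should be checked in addition to the password.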

auth        sufficient      pam_u2f.so cue authfile=/etc/security/u2f_keys