Using Token2 FIDO2 keys under Linux

Many modern Linux distributions support FIDO2 USB keys natively, but quite a lot still do not support them out of the box. The reason is that, by default, ordinary users cannot access USB dongles, for security reasons. To allow user access, so-called "udev rules" must be installed.

This is easy to fix manually: create a file such as 70-token2-access.rules in your /etc/udev/rules.d directory with the following content:

# this udev file should be used with udev 188 and newer
ACTION!="add|change", GOTO="u2f_end"

# Key-ID FIDO U2F
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="349e", ATTRS{idProduct}=="0010", TAG+="uaccess"

LABEL="u2f_end"


Then run the following command once after you create this file (it is not necessary to do this again in the future):

sudo udevadm control --reload-rules && sudo udevadm trigger

Hardware IDs

The IDs shown in the code above are given as an example only. Follow the instructions below to find the ID values of other security key models.

For use with some applications, such as security software, you may need to know the USB product ID (PID) of the FIDO security key you have. You can use the steps below to find the USB PID of your device.

Windows

  1. Open Devices and Printers in the Control Panel.
  2. Right-click on the icon for the FIDO security key and choose Properties.
  3. Click on the Hardware tab.
  4. Click on the Properties button.
  5. Click on the Details tab.
  6. Change the Property drop-down to Hardware IDs.
  7. You will see the PID listed.

Linux

  1. Open Terminal.
  2. Run: lsusb | grep -i FIDO
  3. You will see pairs of VendorID:ProductID listed.
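
The lookup above and the rule file from the first section can be combined: the following is an added shell example, not part of the original page, that turns one line of lsusb output into a matching rules file. The function names and the sample lsusb line are assumptions made for illustration; the IDs are lowercased because udev compares ATTRS values as case-sensitive strings and sysfs reports them in lowercase hex.

```shell
#!/bin/sh
# Added example: build a udev "uaccess" rules file from one line of `lsusb` output.

# Extract the VendorID:ProductID pair from an lsusb line, in lowercase.
# Prints nothing and returns 1 if the line has no well-formed "ID vvvv:pppp" field.
usb_id_from_lsusb() {
    id=$(printf '%s\n' "$1" |
        sed -n 's/^Bus [0-9]* Device [0-9]*: ID \([0-9A-Fa-f]\{4\}:[0-9A-Fa-f]\{4\}\).*/\1/p' |
        tr '[:upper:]' '[:lower:]')
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# Emit a complete rules file for that device, in the same shape as the rule
# shown earlier on this page. Output goes to stdout so it can be reviewed
# before it is copied into /etc/udev/rules.d.
udev_rule_for() {
    id=$(usb_id_from_lsusb "$1") || { echo "no USB ID found in: $1" >&2; return 1; }
    vid=${id%%:*}   # part before the colon
    pid=${id##*:}   # part after the colon
    cat <<EOF
ACTION!="add|change", GOTO="u2f_end"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="$vid", ATTRS{idProduct}=="$pid", TAG+="uaccess"
LABEL="u2f_end"
EOF
}

# Constructed sample line: the product string is made up, the IDs are the
# example IDs used above (written in upper case to show the normalisation).
SAMPLE='Bus 001 Device 005: ID 349E:0010 Example FIDO2 Security Key'
udev_rule_for "$SAMPLE"
```

With a real key plugged in, replace the sample with the line printed by the lsusb command from step 2, review the output, and save it as the rules file before reloading the rules.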

macOS

  1. Open System Report (Apple Menu > About This Mac > System Report).
  2. Navigate to Hardware > USB.
  3. Select the FIDO key.
  4. See the Product ID below.