YubiKey on FreeBSD

Yubikeys are used for 2 factor authentication. But you probably already knew that if you are bothering to read this post. They can be quite handy and get you away from the authenticator app on your phone. Let us cut to the chase on these devices on FreeBSD. First we need to install some packages to get things working then enable some services. First install the following packages:

yubikey-manager
yubikey-personalization-gui
yubioath-desktop
pcsc-lite
pcsc-tools


Next we need to enable the pcsc service to allow the system to talk to the yubikey. Add the following lines to your /etc/rc.conf file:

# yubikey driver
pcscd_enable="YES"

One weird thing with the yubikey on FreeBSD. If I run ykman list as my normal user I get:

$ykman list
WARNING: PC/SC not available. Smart card (CCID) protocols will not function.
ERROR: Unable to list devices for connection
YubiKey 5 NFC (5.4.3) [OTP+FIDO+CCID] Serial: 25330243


If I run the command as root I get:

#ykman list
YubiKey 5 NFC (5.4.3) [OTP+FIDO+CCID] Serial: 25330243

The way to fix this is to setup the devfs.conf file to allow any user to access the key. Now it weirdly still works without this step but who likes errors? No one. Add the following line to the bottom of your /etc/devfs.conf file:

perm /dev/usbhid1 0666

A good writeup of how to configure all the various services with your yubikey can be found at:
Yubikey setup on FreeBSD