3

I have set up a web page access with two-factor authentication. Using Firefox installed via Snap, I have been able to access my account. The flow is like this: The web page asks for username and password, when correctly inserted, Firefox asks me to touch my Yubikey, which lights up in that moment. I'm logged in. (The authentication method is called Yubikey U2F, if I'm not mistaken.)

Due to performance problems I have removed Firefox installed via Snap and instead installed it via apt. However, since that change I cannot authenticate on the same web page using Firefox. The page directly fails ("failed to authenticate via security key"), the Yubikey never lights up.

The same flow works flawlessly on Chrome. Reverting Firefox to Snap also re-enables U2F to work but I would like to avoid that.

System info:

  • System: Ubuntu 22.04 Desktop
  • I have installed libpam-u2f as recommended on yubico's documentation.
  • Firefox: 107.0 from ppa:mozillateam/ppa
  • Chrome: 107.0.5304.110 download from google.de/chrome
  • Yubikey: 5C NFC
Manu J4
  • 339

3 Answers3

3

I finally managed to solve it by uninstalling Firefox, removing the ~/.mozilla folder (careful: you lose all personal settings, consider using Firefox Sync), and re-installing it.

Manu J4
  • 339
0

I had the same issue as my U2F key (Yubikey WebAuth / U2F) worked with Firefox installed as a snap, but not with the deb installed from the repository using apt.

I installed Firefox by downloading from the site:

$ wget -O ~/FirefoxSetup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64"
$ sudo tar xjf ~/FirefoxSetup.tar.bz2 -C /opt/
$ sudo ln -s /opt/firefox/firefox /usr/local/bin/firefox

You can delete the tar afterwards.
This solution is not ideal as

  1. You will need to ensure updates are done as needed
  2. You need to setup your own desktop icon.

However, it does allow you to avoid installing from snap.

I am unfortunately unsure why the package installed from the official repo does not allow Yubikey devices to be used. Any ideas on how to make this work would be appreciated.

Using the snap is also not an option for me as it results in graphic defects when using fractional scaling on Ubuntu (which I have not yet seen with the deb package).

zx485
  • 2,865
Trent Crawford
  • 11
-1

I think the issue you are seeing is is caused by apparmor config and appears to be an acknowledged issue: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1930769

I solved this issue by creating a /etc/apparmor.d/local/usr.bin.firefox file and pasting the snippet from https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1930769/comments/5 into it.

This question may also be a duplicate of Apparmor enforce mode prevents Firefox from reading U2F security key

chris48s
  • 11