Connect Yubikey FIDO2 to Hyper-V Ubuntu Linux Guest VM

Last Modified: Sat, 26 Oct 2024 16:19:33 +0000 ; Created: Sat, 26 Oct 2024 16:19:33 +0000

Hyper-V does not support attaching USB devices to guest VMs. Storage devices can be mapped as remote network paths and some RDP clients can redirect smart cards, but support for other USB devices is very limited, even when the USB device is plugged into the physical machine running the hypervisor. I found a solution with https://github.com/dorssel/usbipd-win.

Caveats

  1. You must have a TCP/IP network communication path between the device sharing the physical USB and the guest VM with cooperating firewalls
    • The host sharing the USB device does not necessarily have to be the Hyper-V hypervisor.
  2. Communication may not be encrypted
  3. The sharing host needs the usbipd software installed
  4. The guest VM needs the usbip client software installed

Installation

Mostly straightforward: follow the instructions at https://github.com/dorssel/usbipd-win.

Yubikey with FIDO2 mode not working

I ran into an issue where neither a web browser nor the Yubikey Manager could access my Yubikey even though it showed up in `lsusb`. When accessed as root it worked fine, so I discovered it was a permissions issue.

  1. `sudo modprobe vhci-hcd`
  2. `sudo rmmod usbhid && sudo modprobe usbhid`
  3. Download 70-u2f.rules
  4. `sudo cp 70-u2f.rules /usr/lib/udev/rules.d/`
  5. `sudo chmod 0644 /usr/lib/udev/rules.d/70-u2f.rules`
  6. `sudo udevadm control --reload-rules && sudo udevadm trigger`
  7. Remove and reattach the Yubikey USB (`usbip attach`)
  8. You may need to clear your web browser cache
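
To confirm the permissions diagnosis before and after installing the rule, the check below lists the hidraw nodes whose HID vendor ID is Yubico's (1050) and reports whether the current user can open them read/write. It is an added example, not part of the original post or the usbipd-win project; the `SYSFS_HIDRAW` and `DEV_DIR` overrides and the function names are assumptions introduced here so the check can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: report whether the current (non-root) user can open the
# hidraw nodes that belong to a Yubico device (USB vendor ID 1050).
# SYSFS_HIDRAW and DEV_DIR are hypothetical overrides used only for testing
# against a constructed tree; on a real guest leave them unset.

SYSFS_HIDRAW="${SYSFS_HIDRAW:-/sys/class/hidraw}"
DEV_DIR="${DEV_DIR:-/dev}"

# A hidraw uevent file carries a line such as
#   HID_ID=0003:00001050:00000407      (bus:vendor:product, hex)
# Print the 4-digit vendor ID in lowercase.
hid_vendor() {
    sed -n 's/^HID_ID=[0-9A-Fa-f]*:0000\([0-9A-Fa-f]\{4\}\):.*/\1/p' "$1" \
        | tr 'A-F' 'a-f'
}

# Print one line per Yubico hidraw node: "<node> ok" or "<node> denied".
# "denied" for a normal user while root gets "ok" is the symptom described
# above: the device is attached, but no udev rule has granted access.
yubikey_hidraw_access() {
    for sys in "$SYSFS_HIDRAW"/hidraw*; do
        [ -r "$sys/device/uevent" ] || continue
        [ "$(hid_vendor "$sys/device/uevent")" = "1050" ] || continue
        node="$DEV_DIR/$(basename "$sys")"
        if [ -r "$node" ] && [ -w "$node" ]; then
            echo "$node ok"
        else
            echo "$node denied"
        fi
    done
}

# Run as the desktop user, not with sudo.
yubikey_hidraw_access
```

No output at all means no Yubico hidraw node exists, which points at the attach or the `usbhid` reload rather than at the udev rule.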