[SOLVED] Cannot setup U2F in Proxmox 7

membranex

Hi,

I have a fresh Proxmox 7 install. Since I only use it with one machine, I did not register a domain - instead I have an entry for proxmox in /etc/hosts on my laptop and on the proxmox install. The UI works fine with a self-signed certificate. I tried setting up my U2F token as TFA. For the sake of example, let's assume my server name in /etc/hosts is: servername.home.local. I added the following appid: u2f: appid=https://servername.home.local:8006. Unfortunately, when I add the u2f token for my (root) user I get an immediate error: U2F Error: Bad Request

How can I fix this?
 
Hi,

Does your system/browser fully trust the CA of the PVE host or did you only add an exception for this site?
IIRC, u2f only works if your system's browser trusts the CA the certificate was signed with; otherwise it won't work.

Did you also configure the u2f settings in the Datacenter Options? The Origin as https://fqdn:8006 is normally enough; the FQDN needs to be one of the subjects on the TLS cert.
 
I have a similar problem.
Newly installed single-node Proxmox 7.0-11. I want to use 2FA with a YubiKey.
I have a number of systems where it is possible - the new one does not want to.

Facility:
Datacenter - Users "my User"
"TFA" -> "U2F" -> enter my password - return...
Not a second later comes "Bad Request"

I solved it like this:
Datacenter - Options - U2F Settings
At the end there was still a "/"
https://server.dom:8006/
The "/" has to go - then it works

Bye...
 
Thanks for the help! I have a valid SSL cert - the problem was on my side. I misunderstood the documentation and was inputting 'u2f: appid=<url>' into the 'appid' field - instead what I needed was to put *just* the url there :)
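
The causes reported in this thread (the 'u2f: appid=' config syntax typed into the AppID field, a trailing "/", and a host name that is not on the TLS certificate) can be checked before saving the setting. The following is an added example, not part of the original posts and not Proxmox code; check_appid, name_matches and the sample inputs are hypothetical names and constructed values.

```python
import re
from urllib.parse import urlsplit


def name_matches(host, cert_name):
    """Exact match, or a single-label wildcard such as *.home.local."""
    host, cert_name = host.lower(), cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name


def check_appid(value, cert_names):
    """Return a list of problems with a value typed into the U2F AppID field.

    cert_names: subject names taken from the server's TLS certificate.
    """
    problems = []
    v = value.strip()
    # Mistake from the last post: the whole config line instead of just the URL.
    if v.lower().startswith("u2f:") or "appid=" in v.lower():
        problems.append("config-line syntax in the field; enter only the URL")
        v = re.split(r"appid=", v, maxsplit=1, flags=re.I)[-1].strip()
    parts = urlsplit(v)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    # Mistake from the second reply: a trailing '/' after the port.
    if parts.path or parts.query or parts.fragment:
        problems.append("remove everything after the port, including a trailing '/'")
    host = parts.hostname or ""
    # Point from the first reply: the FQDN must be a subject on the TLS cert.
    if not any(name_matches(host, n) for n in cert_names):
        problems.append("host %r is not a name on the TLS certificate" % host)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, based on the values quoted in the thread.
    names = ["servername.home.local"]
    for candidate in (
        "https://servername.home.local:8006",
        "https://servername.home.local:8006/",
        "u2f: appid=https://servername.home.local:8006",
    ):
        print(candidate, "->", check_appid(candidate, names) or "ok")
```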
 
