Unable to get yubikey neo u2f working in Linux inside of VMWare Workstation

After talking to a solutions architect at Yubico, we determined that VMWare Workstation .vmx configuration files cannot be directly edited if the virtual machine is encrypted.

In order to make the yubikey work inside the virtual machine, you should follow these steps:

  1. Decrypt the virtual machine if it is encrypted. Edit the virtual machine settings, select the Options tab, select Access Control, then click the Remove Encryption button.
  2. Now, edit the .vmx file. This is the configuration file for your virtual machine. Navigate to the directory containing your virtual machine, find the .vmx file (there should be exactly one), then open it in notepad. Search for a line that says usb.present = "TRUE" and insert the following two lines:

    usb.generic.allowHID = "TRUE"
    usb.generic.allowLastHID = "TRUE"
    
  3. Note that Yubico recommended also adding:

    usb.generic.autoconnect = "FALSE"
    

    They also recommended removing any instance of:

    usb.autoConnect.device0 = ...
    
  4. Save your .vmx file.

  5. Shut down and restart VMWare Workstation.
  6. Start up your virtual machine.
  7. Plug in your yubikey. On the VMWare menu, pull down the VM option, then Removable Devices. Select the Yubico.com Yubikey NEO OTP+U2F+CCID. Connect it to your virtual machine. Note! You may see a second option for a "Shared Yubikey". This is not the option you want.
  8. When challenged for your u2f authentication, your token should flash. Press it to authenticate.
  9. If you decrypted your virtual machine, don't forget to reencrypt it. Edit the virtual machine settings, select the Options tab, select Access Control, then click the Encrypt button.