First and foremost, congrats on the project! It is pretty good and solves a pretty big problem for me :)
I've the following setup:
1 GPG key in my Yubikey
1 SSH key in my Yubikey
I use them both a lot. My SSH key is mainly for connecting to some servers I manage, but also for pushing commits using Git. My GPG key is used both for encryption and for signing git commits.
Anyway, I followed this guide to set up my GPG inside my Yubikey, and it works as expected. But it seems that the usage of my GPG key somehow breaks the Yubikey-agent.
Let me explain.
Every time I run git commit ... I'm prompted by my OS to type my GPG key password (from inside my Yubikey). Then, afterwards, usually I run git push and when I do so I get an error like the following:
Load key "/home/delucca/.ssh/id_yubikey.pub": invalid format
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
After that, if I check my yubikey-agent service, I see the following:
❯ systemctl --user status yubikey-agent.service
● yubikey-agent.service - Seamless ssh-agent for YubiKeys
Loaded: loaded (/usr/lib/systemd/user/yubikey-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-12-14 17:15:31 -03; 15s ago
Docs: https://filippo.io/yubikey-agent
Main PID: 568094 (yubikey-agent)
Tasks: 8 (limit: 38436)
Memory: 2.5M
CPU: 7ms
CGroup: /user.slice/user-1000.slice/[email protected]/app.slice/yubikey-agent.service
└─568094 yubikey-agent -l /run/user/1000/yubikey-agent/yubikey-agent.sock
dez 14 17:15:31 delucca-workstation systemd[2422]: Started Seamless ssh-agent for YubiKeys.
dez 14 17:15:35 delucca-workstation yubikey-agent[568094]: 2021/12/14 17:15:35 Connecting to the YubiKey...
dez 14 17:15:35 delucca-workstation yubikey-agent[568094]: 2021/12/14 17:15:35 agent 11: could not reach YubiKey: connecting to smart card: the smart card cannot be accessed because of other connections outstanding
Even if I run systemctl --user restart yubikey-agent.service the error persists. What I need to do is physically remove the Yubikey, wait 1-2s and then plug it in again. Then, restart the Yubikey agent and my SSH key works in the git push.
After that, if I only run commands using my SSH keys (connect to a given server, fetch, push, etc) it works every time. But, as soon as I use my GPG key from within my Yubikey, the same issue happens again.
Anyone have any idea how to fix this?
Edit 1: I've just found out that the same issue happens in the other direction. If I'm using my Yubikey for the SSH key I can't sign any GPG commits, nor encrypt data (with my GPG key inside the Yubikey). I need to physically remove and insert it again in order to use it for GPG 🤔
I run into this with another command line utility that uses the yubikey to get an SSH certificate. I added the following to my .bashrc, wrapping that utility:
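function ssh-add {
  # Bus number of the Yubico device as reported by lsusb (only one device is supported)
  local _usbdev
  _usbdev=$(lsusb | grep Yubico | awk '{x=$2+0;print x}')
  # Unbind and rebind that USB bus to reset it
  sudo sh -c "echo 'usb${_usbdev}' >/sys/bus/usb/drivers/usb/unbind"
  sudo sh -c "echo 'usb${_usbdev}' >/sys/bus/usb/drivers/usb/bind"
  sleep 1
  # Run the real utility, passing the arguments through unchanged
  /path/to/ssh-add "$@"
}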
This only supports one Yubico device being plugged in, but that's OK for me. It parses the lsusb output to get the bus device the yubikey is plugged into, resets that bus, sleeps a second (this could be shortened probably), then runs the utility. So far, it seems to work for me.
From #98 (comment)
Use sudo lsof +E /run/pcscd/pcscd.comm to see which processes may access the yubikey. In my case it was GNOME's gsd-smartcard daemon.
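The lsof check from the comment above, tied to the error string in the original report, as an added example that is not part of the thread or of yubikey-agent. The function names and the sample lsof and log lines are constructed for illustration; the unit name and socket path are the ones shown in the thread.

```shell
#!/bin/sh
# Added example. SAMPLE_* values are constructed, not captured from a real system.

# Error text yubikey-agent logs when another process still holds the card.
BUSY_MSG='the smart card cannot be accessed because of other connections outstanding'

# card_busy: read log lines on stdin; succeed if the sharing error appears.
card_busy() {
    grep -qF -- "$BUSY_MSG"
}

# pcsc_clients: read default-format lsof output on stdin and print one
# "COMMAND PID" line per process other than pcscd itself. lsof truncates
# COMMAND to 9 characters, so gsd-smartcard shows up as gsd-smart.
pcsc_clients() {
    awk 'NR > 1 && $1 != "pcscd" && !seen[$1 FS $2]++ { print $1, $2 }'
}

# diagnose: live check. Only when the agent logged the sharing error,
# list the processes connected to the pcscd socket.
diagnose() {
    if journalctl --user -u yubikey-agent.service -n 50 --no-pager | card_busy; then
        sudo lsof +E /run/pcscd/pcscd.comm | pcsc_clients
    else
        echo "no sharing error in the last 50 yubikey-agent log lines"
    fi
}

# Constructed lsof output: pcscd plus two clients, one with two descriptors.
SAMPLE_LSOF=$(cat <<'EOF'
COMMAND    PID  USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
pcscd     1203  root    3u  unix 0x0000      0t0 31337 /run/pcscd/pcscd.comm type=STREAM
scdaemon  4410 alice    7u  unix 0x0000      0t0 40211 type=STREAM
gsd-smart 2630 alice   12u  unix 0x0000      0t0 40388 type=STREAM
scdaemon  4410 alice    9u  unix 0x0000      0t0 40412 type=STREAM
EOF
)

# Constructed log line carrying the error text from the report.
SAMPLE_LOG="yubikey-agent[1]: agent 11: could not reach YubiKey: connecting to smart card: $BUSY_MSG"

# Run the live check only when asked: sh this-file --live
if [ "${1:-}" = "--live" ]; then
    diagnose
fi
```

Each process listed has an open connection to pcscd; which one is holding the card still has to be confirmed by stopping it and retrying.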