DefGuard / YubiKey-Provision

YubiKey provisioning tool used by defguard security platform
https://github.com/defguard/defguard

[yubikey_provision] Provisioning FAILED: IO error occurred #6

Closed aleex1848 closed 8 months ago

aleex1848 commented 8 months ago

I'm trying to provision a YubiKey. I'm using Ubuntu Desktop inside a VMware Workstation Player VM. The YubiKey is passed through to the VM (from my Windows PC).

Inside the VM I can use ykman without issues, e.g.:

user@user-virtual-machine:~$ ykman list
YubiKey 5 NFC (5.4.3) [OTP+FIDO+CCID] Serial: 23xxxxxx

and

user@user-virtual-machine:~$ ykman --device 23xxxxxx info
Device type: YubiKey 5 NFC
Serial number: 23xxxxxx
Firmware version: 5.4.3
Form factor: Keychain (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled.

Applications    USB     NFC    
Yubico OTP      Enabled Enabled
FIDO U2F        Enabled Enabled
FIDO2           Enabled Enabled
OATH            Enabled Enabled
PIV             Enabled Enabled
OpenPGP         Enabled Enabled
YubiHSM Auth    Enabled Enabled

My command for provisioning: sudo yubikey-provision --log-level=debug --ca-file ./defguard-ca.pem --id MyFancyId --grpc https://defguard.xxxxx.de:50055 -t myToken

When trying to provision, the result is:

[2024-02-03 10:06:19.810][DEBUG][yubikey_provision] config loaded
[2024-02-03 10:06:19.810][DEBUG][yubikey_provision] gpg command: gpg
[2024-02-03 10:06:19.810][DEBUG][yubikey_provision] ykman present
[2024-02-03 10:06:19.810][DEBUG][yubikey_provision] URL: https://defguard.xxxxx.de:50055
[2024-02-03 10:06:19.810][INFO][yubikey_provision] TLS configured
[2024-02-03 10:06:19.811][DEBUG][rustls::anchors] add_parsable_certificates processed 137 valid and 0 invalid certs
[2024-02-03 10:06:19.811][DEBUG][rustls::anchors] add_parsable_certificates processed 1 valid and 0 invalid certs
[2024-02-03 10:06:19.811][DEBUG][yubikey_provision] Tonic client crated
[2024-02-03 10:06:19.845][DEBUG][rustls::client::hs] No cached session for DnsName("defguard.xxxxx.de")
[2024-02-03 10:06:19.845][DEBUG][rustls::client::hs] Not resuming any session
[2024-02-03 10:06:19.878][DEBUG][rustls::client::hs] Using ciphersuite TLS13_AES_256_GCM_SHA384
[2024-02-03 10:06:19.878][DEBUG][rustls::client::tls13] Not resuming
[2024-02-03 10:06:19.878][DEBUG][rustls::client::tls13] TLS1.3 encrypted extensions: [Protocols([ProtocolName(6832)]), ServerNameAck]
[2024-02-03 10:06:19.878][DEBUG][rustls::client::hs] ALPN protocol is Some(b"h2")
[2024-02-03 10:06:19.930][DEBUG][yubikey_provision] Worker registered !
[2024-02-03 10:06:19.930][INFO][yubikey_provision] Worker is listening for jobs from https://defguard.xxxxx.de:50055
[2024-02-03 10:06:27.959][DEBUG][yubikey_provision] Job received: GetJobResponse { first_name: "DefGuard", last_name: "Administrator", email: "admin@defguard", job_id: 11 }
[2024-02-03 10:06:27.959][DEBUG][yubikey_provision::gpg] Provisioning start for: admin@defguard
[2024-02-03 10:06:28.583][DEBUG][yubikey_provision::gpg] Key found
[2024-02-03 10:06:28.583][DEBUG][yubikey_provision::gpg] Initiating new gpg session.
[2024-02-03 10:06:28.583][DEBUG][yubikey_provision::gpg] Setting permissions for gpg temp home
[2024-02-03 10:06:28.583][DEBUG][yubikey_provision] Provisioning FAILED: IO error occurred
[2024-02-03 10:06:28.604][DEBUG][yubikey_provision] Job result sent
[2024-02-03 10:06:28.604][ERROR][yubikey_provision] Job failed! Result sent

filipslezaklab commented 8 months ago

Hello @aleex1848! As the logs show:

[2024-02-03 10:06:28.583][DEBUG][yubikey_provision] Provisioning FAILED: IO error occurred

The gpg program has an issue accessing your smartcard (YubiKey); my guess is that this is due to how the passthrough of the USB device is done from Windows to your VM. I recommend you run the provisioner on the system that has direct access to your USB devices. If that is not possible, you can try to follow this guide inside your VM and check whether gpg can communicate with your YubiKey from your VM: https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP
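
The check suggested in the reply above, as an added example (not code from the defguard project or from anyone in this thread): it prepares a private temporary GnuPG home, which the debug log names as the step just before the failure, and then runs `gpg --card-status` against the token. The function names and exit codes are constructed for this example, and how yubikey-provision itself sets up its gpg session is an assumption drawn only from the log messages.

```shell
#!/bin/sh
# Added diagnostic, not part of yubikey-provision.
# Exit codes (constructed for this example):
#   0 gpg can read the card
#   1 the temporary GnuPG home could not be prepared
#   2 gpg cannot reach the card
#   3 gpg is not installed
check_gpg_card() (
    command -v gpg >/dev/null 2>&1 || exit 3

    # Step 1: private scratch home. GnuPG expects mode 0700 on its home
    # directory; a failure here is a filesystem problem, not a card problem.
    home=$(mktemp -d 2>/dev/null) || exit 1
    chmod 700 "$home" 2>/dev/null || { rm -rf "$home"; exit 1; }
    export GNUPGHOME="$home"

    # Step 2: ask gpg (through scdaemon) for the OpenPGP applet on the token.
    # gpg's own error text is left on stderr for the operator to read.
    rc=0
    gpg --card-status >/dev/null || rc=2

    # Stop the agent and scdaemon started for the scratch home so they do
    # not keep the card claimed, then remove the scratch home.
    gpgconf --kill all >/dev/null 2>&1 || true
    rm -rf "$home"
    exit "$rc"
)

describe_result() {
    case "$1" in
        0) echo "gpg can talk to the card" ;;
        1) echo "temporary GnuPG home could not be created or chmod'ed" ;;
        2) echo "gpg cannot reach the card (check scdaemon/pcscd and USB passthrough)" ;;
        3) echo "gpg not found in PATH" ;;
        *) echo "unknown result: $1" ;;
    esac
}

# Run the check only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    rc=0
    check_gpg_card || rc=$?
    describe_result "$rc"
fi
```

Run it with `--run` as the same user as the provisioner (the command in the issue uses sudo), since device access can differ between users.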

teon commented 8 months ago

If this solution doesn't help - please provide more logs and reopen.