bitmage
commented
2 years ago Open bitmage opened 2 years ago
bitmage
commented
2 years ago 
deuill
commented
2 years ago There was a recent upgrade to the piv-go dependency, from which these error messages originate. Does this still fail against the latest version (you'll need to have Go installed and do go install filippo.io/yubikey-agent@f35f7d1754893ab74970e9a72909b7901d2e1718 to get the specific version)?
terrell-r
commented
2 years ago I'm in the same boat, as a temporary workaround run:
eval ssh-agent
KristijanL
commented
2 years ago i got two devices YubiKey 5C NFC Firmware: 5.4.3
ssh user@server.test
sign_and_send_pubkey: signing failed for RSA "YubiKey #17110102 PIV Slot 9a" from agent: agent refused operation
user@server.test: Permission denied (publickey).YubiKey NEO Firmware: 3.4.3
ssh user@server.test
Linux server.test 4.9.0-16-amd64 #1 SMP Debian 4.9.272-2 (2021-07-19) x86_64
Last login: Wed Nov 17 06:21:51 2021 from user.testi have tested with the filippo.io/yubikey-agent@f35f7d1754893ab74970e9a72909b7901d2e1718 - still the same issue, just with 5C NFC device.
Spitfireap
commented
2 years ago Hi,
same issue here with a Yubikey 5 NFC. Firmware is 5.4.3.
systemctl --user status yubikey-agent show this error :
déc. 07 18:27:34 Desktop yubikey-agent[1852]: 2021/12/07 18:27:34 Reconnecting to the YubiKey...
déc. 07 18:27:42 Desktop yubikey-agent[1852]: 2021/12/07 18:27:42 agent 13: pin prompt: unexpected response: ERR 83918950 Inappropriate ioctl for device <Pinentry>It did work when I set it up... :/
Spitfireap
commented
2 years ago After some test, reboot doesn't solve the issue, but disabling and re-enabling yubikey-agent service seems to work ?! I'll try to do more in depth testing :).
aaomidi
commented
2 years ago Same issue here, restarting & disable/enabling the yubikey-agent did not solve the problem.
aaomidi
commented
2 years ago I've built from main and now the error I get is:
agent 13: pin prompt: pinentry: unexpected response: "S ERROR curses.isatty 83918950 "Try this : open a terminal, unplug your Yubikey, replug, wait a few second and replug. It works for me. It was GPG agent that was hijacking the key
smlx
commented
2 years ago If gpg-agent is taking a transaction you might be able to stop it doing that by adding disable-scdaemon to gpg-agent.conf.
sebastianblunt
commented
1 year ago I'm running into this issue only when running yubikey-agent using systemd. If I stop the systemd service and run yubikey-agent -l /run/user/1000/yubikey-agent/yubikey-agent.sock from a terminal then it works correctly. I got it working by adding
Environment="DISPLAY=:0"
Environment="XAUTHORITY=/home/sebastian/.Xauthority"to the systemd service. Not sure why it wasn't able to pick that up automatically or if there's a cleaner way to solve the issue.
Probably also related to #92.
fosskers
commented
1 year ago I get the error even when running yubikey-agent manually. I'm also told this (directly from the agent):
2022/09/15 10:49:25 agent 27: ssh: parse error in message type 27
2022/09/15 10:49:25 Connecting to the YubiKey...
2022/09/15 10:49:26 agent 13: pin prompt: unexpected response: ERR 83918950 Inappropriate ioctl for device <Pinentry>
NA3
commented
1 year ago go install filippo.io/yubikey-agent@f35f7d1754893ab74970e9a72909b7901d2e1718
this have solve my issue
upsj
commented
11 months ago My workaround (WSL2 + Ubuntu on Windows) for this issue (or a related one, I also got the S ERROR curses.isatty 83918950 error) was to install pinentry-gtk-2 and fake a TTY and display for it by adding the following two environment variables to its systemd config:
[Service]
Environment=DISPLAY=:0
Environment=GPG_TTY=/dev/pts/1
mutlusun
commented
4 months ago Hello,
I encountered the same errors (S ERROR curses.isatty 83918950 and connecting to smart card: the smart card cannot be accessed because of other connections outstanding). Thanks for providing help here!
In my case, yubikey-agent worked fine after enabling/disabling the service or a restart of the service after a reboot. I came to the conclusion that some ressource seems not to be available at the start of the service. I tried pcscd.socket and pcscd.service and they are not the problem.
However, the following line in the service file helped:
[Service]
ExecStartPre=/bin/sleep 10After that everything works fine. I don't understand what resource might be missing as the yubikey-agent service starts in user context, so everything else should already be started.
I have the following two devices:
My laptop is running Manjaro Linux (Kernel 5.10.70).
Steps taken:
yubikey-agent -setupon each hardware device. No problems, received a public key for each..ssh/authorized_keysfile onremoteserverIdentityAgent /run/user/1000/yubikey-agent/yubikey-agent.sockto the.ssh/configentry forremoteserveron my laptop.yubikey-agentis running and bound to the above socket.I'm on Manjaro, and the
yubikey-agentlogs are getting dumped into the syslogs. Is there a way to configure where the logs go?With
journalctl | grep yubikey-agentI see:I'm not really sure what else to do with this. Did I miss a step? At what point is it supposed to ask me for pin entry? I'm surprised also that it is using ECC with the 5.12 firmware device which is said not to support ECC. I'm not sure how the key generation succeeded there.