FiloSottile / yubikey-agent

yubikey-agent is a seamless ssh-agent for YubiKeys.
https://filippo.io/yubikey-agent
BSD 3-Clause "New" or "Revised" License

yubikey-agent -setup fails with error about default #129

Closed AriESQ closed 1 year ago

AriESQ commented 2 years ago

I cannot do yubikey-agent -config even after trying to reset the yubikey. Sometimes the error is the default PIN did not work and sometimes the error is the default management key did not work.

Fresh out of package yubikey nano 5c. (Firmware 5.4.3)
macOS: 12.3.1 on M1 Apple Silicon
yubikey-agent 1.5 from homebrew


user@host:[/]$ printenv |grep sock
SSH_AUTH_SOCK=/opt/homebrew/var/run/yubikey-agent.sock

user@host:[/v]$ ls /opt/homebrew/var/run/
yubikey-agent.sock

user@:[/var/log]$ brew services info yubikey-agent
yubikey-agent (homebrew.mxcl.yubikey-agent)
Running: ✔
Loaded: ✔
Schedulable: ✘
User: user
PID: 12071

user@host:[/]$ ykman piv reset
WARNING! This will delete all stored PIV data and restore factory settings. Proceed? [y/N]: y
Resetting PIV data...
Success! All PIV data have been cleared from the YubiKey.
Your YubiKey now has the default PIN, PUK and Management Key:
        PIN:    123456
        PUK:    12345678
        Management Key: 010203040506070801020304050607080102030405060708

user@host:[/]$ yubikey-agent -setup
🔐 The PIN is up to 8 numbers, letters, or symbols. Not just numbers!
❌ The key will be lost if the PIN and PUK are locked after 3 incorrect tries.

Choose a new PIN/PUK:
Repeat PIN/PUK:

🧪 Reticulating splines...
‼️  The default PIN did not work

If you know what you're doing, reset PIN, PUK, and
Management Key to the defaults before retrying.

If you want to wipe all PIV keys and start fresh,
use --really-delete-all-piv-keys ⚠️

user@host:[/]$ yubikey-agent -setup --really-delete-all-piv-keys
Resetting YubiKey PIV applet...
🔐 The PIN is up to 8 numbers, letters, or symbols. Not just numbers!
❌ The key will be lost if the PIN and PUK are locked after 3 incorrect tries.

Choose a new PIN/PUK:
Repeat PIN/PUK:

🧪 Reticulating splines...
‼️  The default PIN did not work

If you know what you're doing, reset PIN, PUK, and
Management Key to the defaults before retrying.

If you want to wipe all PIV keys and start fresh,
use --really-delete-all-piv-keys ⚠️

hynek commented 1 year ago

While the lack of response is concerning, I have just solved the same problem with this https://github.com/FiloSottile/yubikey-agent/issues/78#issuecomment-966577249

TL;DR: the PIN must be at least 6 chars; maybe you have to use yubikey-agent --really-delete-all-piv-keys -setup