search

FiloSottile / yubikey-agent

yubikey-agent is a seamless ssh-agent for YubiKeys.
https://filippo.io/yubikey-agent
BSD 3-Clause "New" or "Revised" License
2.6k stars 124 forks source link

"error fetching identities: agent refused operation" on Arch #149

Open zenermerps opened 5 months ago

zenermerps commented 5 months ago

Hey,

When installing yubikey-agent from AUR and applying the steps mentioned in the README, in the current version of Arch you get the error above if you try to use ssh-add -L.

I found out that this is because of polkit, so I had to add the following rules to make it work as /etc/polkit-1/rules.d/99-pcscd.rules:

polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_card" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});

(See Arch Wiki)

After doing this and restarting the polkit service, it now works as intended.