Ovyerus / gfh

Git FIDO Helper - Sign your Git commits with multiple resident SSH keys
MIT License

`gfh -a` or `gfh` does not find connected FIDO keys #4

Closed mhorst00 closed 2 months ago

mhorst00 commented 2 months ago

I compiled version 0.0.4 with cargo on my Linux system (openSUSE Aeon/Fedora 40) and configured my ~/.config/gfh/keys file correctly (I think):

```
cat ~/.config/gfh/keys
serial::~/.ssh/id_ed25519_sk_rk_yk-5c
serial::~/.ssh/id_ed25519_sk_rk_yk-5n
```

When executing gfh, I get:

```
Error: no matching FIDO key found in the config at /home/$USER/.config/gfh/keys

Stack backtrace:
   0: gfh::main
   1: std::sys_common::backtrace::__rust_begin_short_backtrace
   2: std::rt::lang_start::{{closure}}
   3: std::rt::lang_start_internal
   4: main
   5: __libc_start_call_main
   6: __libc_start_main_impl
   7: _start
```

gfh -a gives me:

```
Error: was not able to find any connected FIDO keys

Stack backtrace:
   0: anyhow::error::<impl anyhow::Error>::msg
   1: gfh::add_key::run
   2: gfh::main
   3: std::sys_common::backtrace::__rust_begin_short_backtrace
   4: std::rt::lang_start::{{closure}}
   5: std::rt::lang_start_internal
   6: main
   7: __libc_start_call_main
   8: __libc_start_main_impl
   9: _start
```

At first, I had some issues because of missing pcscd (pcsc-lite on rpm distros). I fixed them and got to this. ssh works fine with both of my keys, which is why I believe the error to be in gfh.

Is this description sufficient or should I check some more things on my system?

Ovyerus commented 2 months ago

I'm not able to reproduce this on my NixOS desktop, nor in a Fedora 40 distrobox.
Does anything show up when running pcsc_scan from pcsc-tools?

mhorst00 commented 2 months ago

I installed pcsc-lite on my Aeon host and enabled the pcscd.socket. This seems to work. I then tried pcsc_scan in my Fedora 40 distrobox and this did not work. However, I tested on a Fedora Silverblue 40 inside another distrobox with pcsc_scan and there it found my YubiKey. So the issue seems to be something specific to openSUSE Tumbleweed or even just Aeon. Is there a good way to debug this?

Edit: I forgot to mention that ykman works for me on both machines and even prints a PC/SC error with pcscd.socket disabled.

mhorst00 commented 2 months ago

Found my error: just installing pcsc-lite is not enough on openSUSE Tumbleweed repos. I also needed to manually install pcsc-ccid to enable the generic USB CCID interface for pcscd. Now gfh is able to pick up my keys. Thank you for the help anyway!