search

Yubico / yubikey-manager

Python library and command line tool for configuring any YubiKey over all USB interfaces.
https://developers.yubico.com/yubikey-manager/
BSD 2-Clause "Simplified" License
871 stars 125 forks source link

YubiKey-Manager GUI doesnt detect Yubikey on Ubuntu 24.04 #616

Closed warioishere closed 3 months ago

warioishere commented 4 months ago

YubiKey-Manager doesnt detect my Yubikey 5NFC after I upgraded from Ubuntu 22.04 to 24.04 ykman list sees my yubikey though and I can use it for FIDO authentication

Steps to reproduce

Reinstall Manager, didnt help, yubikey-manager doesnt detect Yubikey, Also Yubikey Authenticator

Expected result

That it works again, but it didnt.

Actual results and logs

NameError: name 'yubikey' is not defined
)
qml: qrc:/qml/YubiKey.qml:208: TypeError: Cannot read property 'success' of undefined
"PyOtherSide error: Traceback (most recent call last):\n\n  File \"<string>\", line 1, in <module>\n\nNameError: name 'yubikey' is not defined\n"
qml: Function not found: 'yubikey.controller.refresh' (Traceback (most recent call last):

  File "<string>", line 1, in <module>

Other info

As stated, yubikey authenticator also doesnt detect my yubikey anymore and is also unusable.

Greetings

dainnilsson commented 3 months ago

The repository for YubiKey Manager GUI is https://github.com/Yubico/yubikey-manager-qt, however, it seems your problem isn't really tied to that, since you're having problems with Yubico Authenticator as well. Can you try running ykman --diagnose with the YubiKey attached, and providing the output of that here?

random578036896547 commented 3 months ago

Hello I can also confirm this issue. After clean install of Ubuntu 24.04 ykman cli works, but yubikey-manager-qt (apt-get installed) does not detect anything (I have two NFC5 yubikeys) . (previous installations on same device worked 20.04-23.10). Also yubikey-luks-enroll does not actually work - it creates new key-slot (seen in luksDump) but when i try using that slots key, I get no key found. (That bothers me more)

ykman --diagnose ykman: 5.2.1 Python: 3.12.3 (main, Apr 10 2024, 05:33:47) [GCC 13.2.0] Platform: linux Arch: x86_64 System date: 2024-06-18 Running as admin: False Detected PC/SC readers: Yubico YubiKey OTP+FIDO+CCID 00 00: Success

Detected YubiKeys over PC/SC: ScardYubiKeyDevice(pid=0407, fingerprint='Yubico YubiKey OTP+FIDO+CCID 00 00'): Management:
Raw Info: DeviceInfo: config:
enabled_capabilities:
USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23f NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23b

      auto_eject_timeout:         0
      challenge_response_timeout: 15
      device_flags:               0

    serial:      <sanitized_output>
    version:     5.2.7
    form_factor: Keychain (USB-C)
    supported_capabilities:
      USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23f
      NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23f

    is_locked:   False
    is_fips:     False
    is_sky:      False

  Name: YubiKey 5C NFC

PIV:         
  PIV version:              5.2.7
  PIN tries remaining:      3
  Management key algorithm: TDES
  CHUID: <sanitized_output>
  CCC:   No data available
  Slot 9A (AUTHENTICATION):
    Algorithm:   ECCP256
    Subject DN:  CN=<sanitized_output>
    Issuer DN:   CN=<sanitized_output>
    Serial:      <sanitized_output>
    Fingerprint: <sanitized_output>
    Not before:  <sanitized_output>
    Not after:   <sanitized_output>

  Slot 9E (CARD_AUTH):
    Algorithm:   ECCP256
    Subject DN:  CN=<sanitized_output>
    Issuer DN:   CN=<sanitized_output>
    Serial:      <sanitized_output>
    Fingerprint: <sanitized_output>
    Not before:  <sanitized_output>
    Not after:   <sanitized_output>

OATH:        
  Oath version:       5.2.7
  Password protected: False

OpenPGP:     
  OpenPGP version:            3.4
  Application version:        5.2.7
  PIN tries remaining:        3
  Reset code tries remaining: 0
  Admin PIN tries remaining:  3
  Require PIN for signature:  Once
  Touch policies:            
    Signature key:      Off
    Encryption key:     Off
    Authentication key: Off
    Attestation key:    Off

YubiHSM Auth: YubiHSM Auth not accessible ApplicationNotAvailableError()

Detected YubiKeys over HID OTP: OtpYubiKeyDevice(pid=0407, fingerprint='/dev/hidraw4'): Management: Raw Info: DeviceInfo: config:
enabled_capabilities:
USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23f NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23b

      auto_eject_timeout:         0
      challenge_response_timeout: 15
      device_flags:               0

    serial:      <sanitized_output>
    version:     5.2.7
    form_factor: Keychain (USB-C)
    supported_capabilities:
      USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23f
      NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23f

    is_locked:   False
    is_fips:     False
    is_sky:      False

  Name: YubiKey 5C NFC

OTP:
  ConfigState(configured: (True, True), touch_triggered: (True, False), led_inverted: False)

Detected YubiKeys over HID FIDO: CtapYubiKeyDevice(pid=0407, fingerprint='/dev/hidraw5'): CTAP device version: 5.2.7 CTAPHID protocol version: 2 Capabilities: 5 Management:
Raw Info: DeviceInfo: config:
enabled_capabilities:
USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23f NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23b

      auto_eject_timeout:         0
      challenge_response_timeout: 15
      device_flags:               0

    serial:      <sanitized_output>
    version:     5.2.7
    form_factor: Keychain (USB-C)
    supported_capabilities:
      USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23f
      NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 0x23f

    is_locked:   False
    is_fips:     False
    is_sky:      False

  Name: YubiKey 5C NFC

Ctap2Info:
  versions:                        
    U2F_V2
    FIDO_2_0
    FIDO_2_1_PRE

  extensions:                      
    credProtect
    hmac-secret

  aaguid:                           <sanitized_output>
  options:                         
    rk:                    True
    up:                    True
    plat:                  False
    clientPin:             False
    credentialMgmtPreview: True

  max_msg_size:                     1200
  pin_uv_protocols:                
    1

  max_creds_in_list:                8
  max_cred_id_length:               128
  transports:                      
    nfc
    usb

  algorithms:                      
    alg:  -7
    type: public-key
    alg:  -8
    type: public-key

  max_large_blob:                   None
  force_pin_change:                 False
  min_pin_length:                   4
  firmware_version:                 None
  max_cred_blob_length:             None
  max_rpids_for_min_pin:            0
  preferred_platform_uv_attempts:   None
  uv_modality:                      None
  certifications:                   None
  remaining_disc_creds:             None
  vendor_prototype_config_commands: None

PIN: Not configured

End of diagnostics

dainnilsson commented 3 months ago

@random578036896547 The diagnose output seems to indicate everything working fine with ykman, just as you said. That should also indicate that system services like pcscd as well as permissions for your user are correctly configured to use the YubiKey.

I do not believe that YubiKey Manager GUI is expected to work on currently 24.04 due to one of its dependencies (pyotherside) not being compatible with Python 3.12. I would strongly recommend using Yubico Authenticator (https://github.com/Yubico/yubioath-flutter) instead.

I can't help you with yubikey-luks-enroll as that isn't a Yubico product.

random578036896547 commented 3 months ago

Ok, thanks for advice, I tried Yubico Authenticator and I can confirm that its working. Regarding yubico-luks I opend issue #95 at their github https://github.com/cornelinux/yubikey-luks/issues/95 thx for help.

dainnilsson commented 3 months ago

Great! I will close this issue since there is nothing to be done for this project.