Yubico / yubioath-flutter

Yubico Authenticator for Desktop (Windows, macOS and Linux) and Android
https://developers.yubico.com/yubioath-flutter/
Apache License 2.0

Authenticator shows no accounts / invisible OTP code after a while #764

Closed robinjhector closed 1 year ago

robinjhector commented 2 years ago

After leaving the yubikey plugged in for quite some time, and having the Yubikey Authenticator desktop application open for quite some time... The OTP codes become invisible, or no accounts are shown at all.

Steps to reproduce

Plug in your Yubikey. Open the desktop application, leave them running for a few hours. Close / Sleep your computer, come back after a while, etc. After some time the desktop application semi-hangs, showing transparent OTP codes, or no accounts at all. Copy pasting an invisible OTP code yields an expired code. The only solution is to force quit the application, and restart it. The application won't close nicely when it's in this state.

Here's a screenshot. (I added the black bars for privacy). The OTP codes are not visible.

Screenshot 2021-12-03 at 08 55 00

And sometimes no accounts show up at all. The crashlog when force quitting the application can be found here: https://gist.github.com/izrobin/20590c63c1d402329cc5465bbbcc9307

I ran the desktop application with debug logging enabled, and here's the last part of the log when it crashed. (Notice the jump in timestamps between the last poll, and me quitting the application)

2021-12-03T12:00:33+0100 DEBUG [fido2.hid.macos.list_descriptors:414] Found CTAP device: 4295198106
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:118] SEND: 00a4040008a000000527471117
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:120] RECV: 5669727475616c206d6772202d2046572076657273696f6e20342e332e37 SW=9000
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:118] SEND: 001d000000
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:120] RECV: 0c0101ff0204007542d503013f SW=9000
2021-12-03T12:00:33+0100 DEBUG [ykman.device.read_info:453] Read info: DeviceInfo(config=DeviceConfig(enabled_capabilities={}, auto_eject_timeout=0, challenge_response_timeout=0, device_flags=<DEVICE_FLAG.0: 0>), serial=7684821, version=Version(major=4, minor=3, patch=7), form_factor=<FORM_FACTOR.UNKNOWN: 0>, supported_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.128|64|OATH|PIV|OPENPGP|4|U2F|OTP: 255>}, is_locked=False, is_fips=False, is_sky=False)
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:118] SEND: 00a4040007a0000005272101
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:120] RECV: 7903040307710854d5c2cd06262817 SW=9000
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:118] SEND: 00a400010a74080000000003416629
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:120] RECV: 7127695a6574746c652041646d696e3a726f62696e2e6a6f6e73736f6e40697a6574746c652e636f6d7605060000b8d8712f416d617a6f6e205765622053657276696365733a726f62696e5f6a6f6e73736f6e40697a6574746c652d6c6f67696e760506000ebf4e7118726f62696e2e6a6f6e73736f6e40495a4c2e53483a56504e760506000a8c3a711f536c61636b3a726f62696e2e6a6f6e73736f6e40697a6574746c652e636f6d760506000bad547120476f6f676c653a726f62696e2e6a6f6e73736f6e40697a6574746c652e636f6d760506000666e6710e4769744875623a697a726f62696e760506000696ce71184157532053534f3a726f62 SW=6162
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:118] SEND: 00a5000000
2021-12-03T12:00:33+0100 DEBUG [ykman.pcsc.send_and_receive:120] RECV: 696e5f6a6f6e73736f6e20575076050600098f99711f3150617373776f72643a697a6574746c652e3170617373776f72642e636f6d760506000cb8f8711d4469676974616c4f6365616e3a7077726f627a40676d61696c2e636f6d76050600091090 SW=9000
2021-12-03T12:00:43+0100 DEBUG [fido2.hid.macos.list_descriptors:414] Found CTAP device: 4295198106
2021-12-03T12:00:46+0100 DEBUG [fido2.hid.macos.list_descriptors:414] Found CTAP device: 4295198106
2021-12-03T12:00:49+0100 DEBUG [fido2.hid.macos.list_descriptors:414] Found CTAP device: 4295198106
2021-12-03T12:00:49+0100 DEBUG [fido2.hid.macos.list_descriptors:414] Found CTAP device: 4295198106
2021-12-03T12:00:59+0100 DEBUG [fido2.hid.macos.list_descriptors:414] Found CTAP device: 4295198106
2021-12-03T12:01:10+0100 DEBUG [fido2.hid.macos.list_descriptors:414] Found CTAP device: 4295198106
^CExiting due to signal 2
2021-12-03T14:27:06+0100 ERROR [yubikey.wrapped:141] Uncaught exception
Traceback (most recent call last):
  File "qrc:///py/yubikey.py", line 129, in wrapped
    return f(*args, **kwargs)
  File "qrc:///py/yubikey.py", line 785, in ccid_calculate_all
    with self._open_oath() as oath_controller:
  File "qrc:///py/yubikey.py", line 206, in _open_oath
    return connect_to_device(self._current_serial, [SmartCardConnection])[0]
  File "/Applications/Yubico Authenticator.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/ykman/device.py", line 216, in connect_to_device
    conn = dev.open_connection(connection_type)
  File "/Applications/Yubico Authenticator.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/ykman/pcsc/__init__.py", line 87, in open_connection
    return self._open_smartcard_connection()
  File "/Applications/Yubico Authenticator.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/ykman/pcsc/__init__.py", line 99, in _open_smartcard_connection
    raise e
  File "/Applications/Yubico Authenticator.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/ykman/pcsc/__init__.py", line 95, in _open_smartcard_connection
    return ScardSmartCardConnection(self.reader.createConnection())
  File "/Applications/Yubico Authenticator.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/ykman/pcsc/__init__.py", line 106, in __init__
    atr = connection.getATR()
  File "/Applications/Yubico Authenticator.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/smartcard/CardConnectionDecorator.py", line 66, in getATR
    return self.component.getATR()
  File "/Applications/Yubico Authenticator.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/smartcard/pcsc/PCSCCardConnection.py", line 213, in getATR
    raise CardConnectionException(
smartcard.Exceptions.CardConnectionException: Failed to get status: Card was reset.

Expected result

I expect my OTP codes to be readily available as long as my Yubikey is plugged in, and the desktop application is open.

Actual results

See above

Other info

I'm happy to assist in any way possible to solve this problem! It happens 1-2 times per day for me.

fdennis commented 2 years ago

This is most likely due to the fact that you have the app running for a long time, which might not be ideal. We know about issues like these and are working on them. Thank you for reporting.

Kevin-Hamilton commented 2 years ago

I am also having this issue on MacOS. If I can run any tests to help speed up a fix for this, let me know.

The fact that having the app running for a long time is "not ideal" under the current design of the software is unacceptable. This software is responsible for generating OATH TOTP codes on-demand. The need for such a code will normally be spread out over the course of the day. If users need to take extra steps such as launching and then closing the software every time they need to generate a TOTP code, they will find other, more convenient methods of generating these codes.

I am currently evaluating this software and hardware for potential rollout to about 50 MacBook devices. If I don't hear about a scheduled fix for this in the next 3-4 weeks, I will have to assume this software/hardware combo is not the right choice for us and will look elsewhere for our security needs.

fdennis commented 2 years ago

@Kevin-Hamilton Sorry for not explaining it deeper in my previous comment, but we have not been able to consistently figure out what is the root cause of the behaviour you see when using the app during long running times. However, we are working on a major rework of the yubioath-desktop that we have planned to release later this year. In this we are using new technologies where we already see better stability and more possibilities for us to resolve issues like yours. Sadly I cannot give more information at this moment, but I hope this addresses some of your concerns regarding using YubiKeys.

Kevin-Hamilton commented 2 years ago

Thanks for that update. I have to say, it makes me wonder if you are not consistently figuring out the behavior because you are not dogfooding your product (i.e., having a diverse set of Yubico employees in development, QA, project management, business operations, sales, etc who use the product to do their job on a day-to-day basis on the MacOS operating system.) I had hoped to replace Google Authenticator on a phone with Yubico Authenticator on the desktop. But based on the frequency with which I need to "Force Quit" the Yubico Authenticator app on MacOS, I can't see this as being a recommendation I can make to our company leaders.

I'm also seeing an additional blocker in the fact that the Yubico Authenticator supports a max of 32 TOTP keys. I already have 36 TOTP keys in Google Authenticator and that number has been increasing every month. It seems that Yubico did not anticipate the growth in TOTP as a 2FA standard. (Or maybe assumed that Webauthn would leapfrog it, which doesn't seem to be the case).

Sorry to clutter up your bugtracking system with this sort of feedback. If there are other channels you recommend I give this feedback through, let me know.

omyno commented 2 years ago

Encountering the same bug on MacOS 12.2.1.

Restarting the application itself does not show the accounts, but switching the USB-C port of the Yubikey makes the accounts show up again. Do you need any additional debug logs to investigate further?

ourichermath commented 2 years ago

I'm having the same issue with Fedora 35. I don't even have to leave the Yubico Authenticator open for the problem to happen. Today, I used it early in the day, shut down the app when I was done and removed the key. This afternoon, I put the key in and started the app and got the "no accounts" notice. I had to reboot to get things to work again. Again, once I was done, I shut down the app and removed the key. Just now (only a couple of hours later), I plugged in the key, started the app and got the same "no accounts" notice. I'm sorry, but this really needs to be fixed. This is a security key that gives me access to my accounts. I can't just reboot the machine every time I need to use the key.

EDIT: I'm having this problem with the Snap version. I did not have it with the native Windows app under Windows 10 or 11. I see reports about it also happening with the Flatpak version. How about the AppImage version? Perhaps I should change over to that?

Yubico Authenticator (v5.1.0 from Snap)
YubiKey 5 NFC Firmware version 5.2.7
Operating System: Fedora Linux 35
KDE Plasma Version: 5.24.4
KDE Frameworks Version: 5.91.0
Qt Version: 5.15.2
Kernel Version: 5.16.20-200.fc35.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 5600X 6-Core Processor
Memory: 15.6 GiB of RAM
Graphics Processor: AMD Radeon RX 6700 XT

AlexanderBartash commented 2 years ago

The same problem. It started right after I moved to a new Linux and installed the app via snap. It has never happened before while it was installed as a .deb package. I bet it has something to do with snap. In the logs I have errors similar to https://github.com/Yubico/yubioath-desktop/issues/761:

Skip device: [Errno 13] Permission denied: '/dev/hidraw2

At the same time ykman works fine, which I believe is installed via apt.

Linux 5.15.0-40-generic #43-Ubuntu SMP Wed Jun 15 12:54:21 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Operating System: Kubuntu 22.04
KDE Plasma Version: 5.24.4
KDE Frameworks Version: 5.92.0
Qt Version: 5.15.3
Kernel Version: 5.15.0-40-generic (64-bit)
Graphics Platform: X11
Processors: 32 × AMD Ryzen 9 5950X 16-Core Processor
Memory: 125.7 GiB of RAM
Graphics Processor: AMD Radeon RX 5700 XT

buvinghausen commented 2 years ago

> This is most likely due to the fact that you have the app running for a long time, which might not be ideal. We know about issues like these and are working on them. Thank you for reporting.

This is not even remotely the case..... It works initially after install then poof everything goes away no matter if you reboot and never had the app open for any length of time. It's incredibly frustrating to say the least. I really like the product when it works but this absolutely renders it unusable and here we are 9 months later with no resolution. For a commercial product that is absolutely unacceptable.

buvinghausen commented 2 years ago

For anyone running on Ubuntu like me, installed via Snap, this command will fix the issue; just re-plug your Yubikey after you restart the service:

sudo snap restart yubioath-desktop.pcscd

What a giant pain in the arse but less time consuming than uninstalling and reinstalling every time.

ourichermath commented 2 years ago

Just to let people know, I used the AppImage version for several months without any issue.

buvinghausen commented 2 years ago

If anyone is on a Debian-based distro and installs Yubico via Snap or Flatpak, you can install pcscd, then enable it and reboot:

sudo systemctl enable pcscd

Sure would be nice if the installer did it for you but moving on.

AlexanderBartash commented 2 years ago

I always had pcscd installed and enabled but still have this problem with snap:

sasha@sasha-kubuntu:~ $ sudo systemctl status pcscd
[sudo] password for sasha: 
○ pcscd.service - PC/SC Smart Card Daemon
     Loaded: loaded (/lib/systemd/system/pcscd.service; indirect; vendor preset: enabled)
     Active: inactive (dead) since Mon 2022-08-22 11:55:09 EEST; 22h ago
TriggeredBy: ● pcscd.socket
       Docs: man:pcscd(8)
   Main PID: 212283 (code=exited, status=0/SUCCESS)
        CPU: 89ms

Aug 22 11:35:25 sasha-kubuntu systemd[1]: Started PC/SC Smart Card Daemon.
Aug 22 11:35:25 sasha-kubuntu pcscd[212283]: 00000000 ccid_usb.c:672:OpenUSBByName() Can't claim interface 5/19: LIBUSB_ERROR_BUSY
Aug 22 11:35:25 sasha-kubuntu pcscd[212283]: 00000163 ifdhandler.c:160:CreateChannelByNameOrChannel() failed
Aug 22 11:35:25 sasha-kubuntu pcscd[212283]: 00000003 readerfactory.c:1138:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0407:libudev:2:/dev/bus/usb/005/019)
Aug 22 11:35:25 sasha-kubuntu pcscd[212283]: 00000001 readerfactory.c:380:RFAddReader() Yubico YubiKey OTP+FIDO+CCID init failed.
Aug 22 11:35:25 sasha-kubuntu pcscd[212283]: 00000021 hotplug_libudev.c:538:HPAddDevice() Failed adding USB device: Yubico YubiKey OTP+FIDO+CCID
Aug 22 11:54:04 sasha-kubuntu pcscd[212283]: 99999999 winscard.c:286:SCardConnect() Error Reader Exclusive
Aug 22 11:55:09 sasha-kubuntu systemd[1]: pcscd.service: Deactivated successfully.


At the same time if I use command line tool ykman installed via apt it works fine.

ntrepid8 commented 2 years ago

Enabling pcscd and starting it fixed the issue for me on Ubuntu 22.04:

$ sudo systemctl status pcscd
[sudo] password for ntrepid8: 
○ pcscd.service - PC/SC Smart Card Daemon
     Loaded: loaded (/lib/systemd/system/pcscd.service; indirect; vendor preset: enabled)
     Active: inactive (dead)
TriggeredBy: ○ pcscd.socket
       Docs: man:pcscd(8)

$ sudo systemctl enable pcscd
Synchronizing state of pcscd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable pcscd
Created symlink /etc/systemd/system/sockets.target.wants/pcscd.socket → /lib/systemd/system/pcscd.socket

$ sudo systemctl start pcscd

$ sudo systemctl status pcscd
● pcscd.service - PC/SC Smart Card Daemon
     Loaded: loaded (/lib/systemd/system/pcscd.service; indirect; vendor preset: enabled)
     Active: active (running) since Tue 2022-08-30 15:56:21 EDT; 1s ago
TriggeredBy: ● pcscd.socket
       Docs: man:pcscd(8)
   Main PID: 13567 (pcscd)
      Tasks: 4 (limit: 76853)
     Memory: 1.3M
        CPU: 17ms
     CGroup: /system.slice/pcscd.service
             └─13567 /usr/sbin/pcscd --foreground --auto-exit

Aug 30 15:56:21 jda-trex systemd[1]: Started PC/SC Smart Card Daemon.

JPvRiel commented 2 years ago

I noticed the snap package warns:

  This snap bundles its own version of the pcscd daemon, and is not compatible with running a
  system-wide version of pcscd.

  To stop the system-wide pcscd:

     sudo systemctl stop pcscd
     sudo systemctl stop pcscd.socket

  To restart the bundled pcscd:

     sudo snap restart yubioath-desktop.pcscd

Following the above steps resolved my "no accounts" issue on Ubuntu 20.04 with the system pcscd v1.8.26-3 service stopped.

Out of interest, when I tried using the system pcscd, the key would often work but then, after a while, stop working. Restarting the system pcscd or the Authentication app or unplugging the yubi-key never seemed to help - it got in some corrupt/stuck state. The following error kept happening despite restarting the system pcscd:

Oct 09 22:08:38 biscuit systemd[1]: Started PC/SC Smart Card Daemon.
Oct 09 22:08:54 biscuit pcscd[74136]: 00000000 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
Oct 09 22:08:54 biscuit pcscd[74136]: 00000086 readerfactory.c:1105:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0407:libudev:0:/dev/bus/usb/004/00>
Oct 09 22:08:54 biscuit pcscd[74136]: 00000003 readerfactory.c:376:RFAddReader() Yubico YubiKey OTP+FIDO+CCID init failed.
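
Added example (not part of the thread, and not Yubico or pcscd project code): a Python triage of pcscd journal lines that separates the reader-contention pattern in the log AlexanderBartash posted from the bare init failure in the log JPvRiel posted. The sample lines are constructed from those excerpts, and the verdict names and advice wording are this example's own assumptions.

```python
import re
import sys
from collections import Counter

# Message patterns copied from the pcscd journal excerpts quoted in this thread.
SIGNATURES = {
    "usb_interface_busy": re.compile(r"Can't claim interface \S+ LIBUSB_ERROR_BUSY"),
    "reader_exclusive": re.compile(r"SCardConnect\(\) Error Reader Exclusive"),
    "open_port_failed": re.compile(r"RFInitializeReader\(\) Open Port \S+ Failed"),
    "reader_init_failed": re.compile(r"RFAddReader\(\) .+ init failed"),
}
ENTRY = re.compile(r"\bpcscd\[(?P<pid>\d+)\]: (?P<text>.*)")
USB_ID = re.compile(r"\(usb:([0-9a-f]{4})/([0-9a-f]{4}):")

# Verdict names and wording are this example's own; the commands are the ones
# listed in the snap warning quoted above.
ADVICE = {
    "contention": "Another process holds the reader. Run a single pcscd (snap users: "
                  "stop pcscd and pcscd.socket, then 'sudo snap restart "
                  "yubioath-desktop.pcscd') and re-plug the key.",
    "init_failed": "Reader open failed with no busy/exclusive marker; these lines "
                   "alone do not show the cause.",
    "clean": "No known failure signature in these lines.",
}

# Constructed samples modelled on the thread's excerpts (host, PIDs, bus paths invented).
CONTENTION_SAMPLE = """\
Aug 22 11:35:25 host systemd[1]: Started PC/SC Smart Card Daemon.
Aug 22 11:35:25 host pcscd[1111]: 00000000 ccid_usb.c:672:OpenUSBByName() Can't claim interface 5/19: LIBUSB_ERROR_BUSY
Aug 22 11:35:25 host pcscd[1111]: 00000003 readerfactory.c:1138:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0407:libudev:2:/dev/bus/usb/005/019)
Aug 22 11:35:25 host pcscd[1111]: 00000001 readerfactory.c:380:RFAddReader() Yubico YubiKey OTP+FIDO+CCID init failed.
Aug 22 11:54:04 host pcscd[1111]: 99999999 winscard.c:286:SCardConnect() Error Reader Exclusive
""".splitlines()
INIT_ONLY_SAMPLE = """\
Oct 09 22:08:54 host pcscd[2222]: 00000000 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
Oct 09 22:08:54 host pcscd[2222]: 00000086 readerfactory.c:1105:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0407:libudev:0:/dev/bus/usb/001/002)
Oct 09 22:08:54 host pcscd[2222]: 00000003 readerfactory.c:376:RFAddReader() Yubico YubiKey OTP+FIDO+CCID init failed.
""".splitlines()

def triage(lines):
    """Count known failure signatures in pcscd journal lines and pick a verdict."""
    hits, pids, usb_ids = Counter(), set(), set()
    for line in lines:
        entry = ENTRY.search(line)
        if not entry:
            continue  # systemd lines and anything not logged by pcscd itself
        pids.add(int(entry["pid"]))
        for name, pattern in SIGNATURES.items():
            if pattern.search(entry["text"]):
                hits[name] += 1
        device = USB_ID.search(entry["text"])
        if device:
            usb_ids.add(f"{device[1]}:{device[2]}")  # vendor:product, 1050 is Yubico
    # BUSY / Exclusive mean some other process already claimed the CCID interface.
    if hits["usb_interface_busy"] or hits["reader_exclusive"]:
        verdict = "contention"
    elif hits["open_port_failed"] or hits["reader_init_failed"]:
        verdict = "init_failed"
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": dict(hits),
            "pids": sorted(pids), "usb_ids": sorted(usb_ids)}

if __name__ == "__main__":
    result = triage(sys.stdin)
    print(result, ADVICE[result["verdict"]], sep="\n")
```

Saved under a file name of your choice (here `triage.py`), it reads journal output from stdin, for example `journalctl -u pcscd --no-pager | python3 triage.py`.
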

marciocarmona commented 2 years ago

I started having a similar issue on Pop!_OS recently and was too lazy to investigate it for a while as it still worked on my phone app.

Anyway, for some reason pcscd had died indeed and restarting it (and Authenticator) fixed it! :)

$ sudo systemctl status pcscd
○ pcscd.service - PC/SC Smart Card Daemon
     Loaded: loaded (/lib/systemd/system/pcscd.service; indirect; vendor preset: enabled)
     Active: inactive (dead)
TriggeredBy: ○ pcscd.socket
       Docs: man:pcscd(8)
$ ykman list
WARNING: PC/SC not available. Smart card protocols will not function.
YubiKey 5C NFC (5.4.3) [OTP+FIDO+CCID] Serial: ********
$ sudo systemctl restart pcscd
$ ykman list
YubiKey 5C NFC (5.4.3) [OTP+FIDO+CCID] Serial: ********

dainnilsson commented 1 year ago

Yubico Authenticator 6.0 has now been released and uses a new codebase. As such, this issue has been marked with the legacy label, and will be automatically closed in 7 days. If this issue is still relevant to Yubico Authenticator 6, please comment on the issue saying so, and it will be kept open (or be re-opened). Sorry for the inconvenience!

nejclovrencic commented 1 year ago

This still happens on Authenticator 6 on MacOS

benzoo commented 12 months ago

Yes, unfortunately the error still exists in Authenticator 6:

$ /Applications/Yubico\ Authenticator.app/Contents/MacOS/Yubico\ Authenticator; exit
2023-11-08 16:29:19.608 Yubico Authenticator[7928:14070357] WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.
16:29:19.615 [desktop.init] INFO: Logging initialized, outputting to stderr
16:29:19.619 [desktop.init] INFO: Starting Helper subprocess: /Applications/Yubico Authenticator.app/Contents/Resources/helper-arm64/authenticator-helper
16:29:19.621 [desktop.init] INFO: Helper process started
16:29:19.870 [helper.ykman.logging] INFO: Logging at level: INFO
16:29:19.870 [helper.helper.device] INFO: Log level set to: INFO
16:29:19.870 [desktop.init] INFO: Helper log level set
16:29:19.994 [desktop.devices] INFO: USB state change
{"data":{"state":6479732554957157285,"pids":{"1031":1}},"actions":["get","scan"],"children":{"7446942":{"pid":1031,"name":"YubiKey 4","serial":<censored>}}}
16:29:19.994 [helper.helper.device] WARNING: Unable to connect via <class 'yubikit.core.smartcard.SmartCardConnection'>
Traceback (most recent call last):
  File "helper/device.py", line 280, in get_data
  File "ykman/device.py", line 257, in open_connection
ValueError: Unsupported Connection type
16:29:20.061 [desktop.devices] INFO: USB state updated, unaccounted for: {}
16:29:20.078 [helper.helper.device] WARNING: Error opening connection
Traceback (most recent call last):
  File "helper/device.py", line 289, in ccid
  File "helper/device.py", line 273, in _create_connection
  File "ykman/device.py", line 257, in open_connection
ValueError: Unsupported Connection type