cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License

Yubikey not being recognised #155

Closed sandstheman closed 4 years ago

sandstheman commented 4 years ago

Installed the latest U2F version via pip, on macOS.

My Google account is set up with my Yubikey as the 2FA device, but when connecting with aws-google-auth I just get the following error:

ERROR:root:No U2F device found. 5 attempts remaining
Insert your U2F device and press enter to try again...

Even though my yubikey is inserted and works without issue in every other case.

The u2f library can see the device:

>>> from u2flib_host import u2f, exc
>>> devices = u2f.list_devices()
>>> print devices[0]
<u2flib_host.hid_transport.HIDDevice object at 0x108cc6210>

Digging deeper, it looks like the error is a red herring; the issue lies in an error being returned by the U2F library when it makes the send_apdu call to pass the challenge data and facet to the smart card:

lib/python3.7/site-packages/u2flib_host/device.py", line 112, in send_apdu
    raise exc.APDUError(status)
u2flib_host.exc.APDUError: 0x6A80

gjyoung1974 commented 4 years ago

Hi @sandstheman, I feel like this could be related: https://github.com/cevoaustralia/aws-google-auth/pull/145. My scenario: 2 Yubikeys configured with gsuite. aws-google-auth will only recognize the Yubikey configured at the "top of the stack"; as soon as I deleted one of my keys I could read the previously configured key.

stevemac007 commented 4 years ago

Merged #145 - please let me know if version 0.0.33 fixes this issue.

stevemac007 commented 4 years ago

From #154, I think this is resolved - please reopen if it still persists.
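
An added example, not part of the thread and not the project's code: 0x6A80 is the U2F status word SW_WRONG_DATA, which a token returns for a key handle it did not issue, and that is consistent with the two-key scenario described above. The sketch below shows a client that tries every registered key handle instead of only the first; `FakeToken`, the local `APDUError` class, the function names and the `kh-*` handles are all hypothetical stand-ins constructed for illustration.

```python
# Added example: simulated tokens, so no HID device or u2flib_host is needed.
SW_WRONG_DATA = 0x6A80                # U2F: key handle was not issued by this token
SW_CONDITIONS_NOT_SATISFIED = 0x6985  # U2F: token is waiting for a touch

class APDUError(Exception):
    """Hypothetical local stand-in for u2flib_host.exc.APDUError."""
    def __init__(self, code):
        super().__init__("0x%04X" % code)
        self.code = code

class FakeToken:
    """Constructed stand-in for one inserted key; it knows only its own handles."""
    def __init__(self, name, handles, touches_needed=0):
        self.name, self.handles = name, set(handles)
        self.touches_needed = touches_needed

    def authenticate(self, key_handle, challenge):
        if key_handle not in self.handles:
            raise APDUError(SW_WRONG_DATA)
        if self.touches_needed > 0:
            self.touches_needed -= 1
            raise APDUError(SW_CONDITIONS_NOT_SATISFIED)
        return {"token": self.name, "keyHandle": key_handle, "challenge": challenge}

def sign_first_only(token, key_handles, challenge):
    """Behaviour reported in the thread: only the first registered handle is tried."""
    return token.authenticate(key_handles[0], challenge)

def sign_with_any(tokens, key_handles, challenge, max_polls=5):
    """Try every registered handle on every token; skip 0x6A80, poll on 0x6985."""
    rejected = []
    for token in tokens:
        for handle in key_handles:
            for _ in range(max_polls):
                try:
                    return token.authenticate(handle, challenge), rejected
                except APDUError as err:
                    if err.code == SW_WRONG_DATA:
                        rejected.append((token.name, handle))
                        break  # not this token's handle: move to the next one
                    if err.code != SW_CONDITIONS_NOT_SATISFIED:
                        raise  # unknown status word: surface it, do not mask it
            else:
                raise TimeoutError("%s matched %s but was not touched" % (token.name, handle))
    raise LookupError("no inserted token matches any registered key handle")

if __name__ == "__main__":
    handles = ["kh-backup", "kh-primary"]  # constructed; backup key listed first
    key = FakeToken("primary", ["kh-primary"], touches_needed=1)
    print(sign_with_any([key], handles, "constructed-challenge"))
```

Logging the rejected `(token, handle)` pairs keeps a genuine "no matching key" condition distinguishable from a missing device, which the original "No U2F device found" message conflated.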