-
-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
smart card error 6d00 with YubiKey 4.2.8 #14
Comments
I have the same issue.
yubikey-agent.log:
The error I get from SSH is: |
I've got the same setup as @russelldavies, except I'm on Catalina. I'm also seeing this. |
I wonder if the older Yubikeys don't support attestation for the PIV? In order to support different pin policy configurations, piv-go added check by parsing the attestation certificate as that seems to be the only thing that indicates whether PIN will be actually required. go-piv/piv-go#50 EDIT: https://developers.yubico.com/PIV/Introduction/PIV_attestation.html Attestation is supported starting 4.3. The current piv-go requires attestation support. Maybe someone can modify that code via local replace to ignore the attestation error and instead silently default to default pin policy and see if that solves this? |
|
I fixed this issue upstream go-piv/piv-go#59 However, I found a bug in older YubiKeys that prevent PIN caching for PINPolicyOnce (what this tool uses). So yubikey-agent still won't work with those keys. If you have an older YubiKey and can help test, that'd be appreciated. I only have v4.3.7 and v3.4.9, and I know it works on v4.3.7 but doesn't on v3.4.9. See: go-piv/piv-go#60 |
I am getting errors trying to make this work with my YubiKey :
yubikey-agent.log
SSH log
The text was updated successfully, but these errors were encountered: