Yubico Forum

Re: PKCS#11 Mac: Could not add card agent refused operation

2016-07-28T09:04:33+01:00

Hey,

Follow the notes and try to use brew SSH and explicitly use those binaries not the default ssh.

Alternatively, try using YKCS11 https://developers.yubico.com/yubico-pi ... notes.html

Statistics: Posted by Tom2 — Thu Jul 28, 2016 9:04 am

Re: PKCS#11 Mac: Could not add card agent refused operation

2016-07-25T05:17:40+01:00

Same problem using Ubuntu 16.04. I added the ppa for yubico, installed all the yubico software I could find in it, set up Ubuntu using the recommended script found

https://github.com/dainnilsson/scripts/ ... all/gpg.sh

Same issue. I found this somewhat helpful

https://wikitech.wikimedia.org/wiki/Yubikey-SSH

I created a .ssh/config as recommended, so at least now I can just $ssh host, enter pin, and complete a connection. But if I do

ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

It asks

Enter passphrase for PKCS#11

Entering my pin, puk, key, changeme.. nothing works. So I guess I live with ssh host, pin.

Statistics: Posted by rgurley — Mon Jul 25, 2016 5:17 am

PKCS#11 Mac: Could not add card agent refused operation

2016-04-02T01:07:20+01:00

Hi

I've setup a SSH key to be accessed from PKCS#11 according to this guide:
https://developers.yubico.com/yubico-piv-tool/SSH_with_PIV_and_PKCS11.html

I [s]can[s] can not connect when specifying PKCS#11 as source for SSH

Code:

ssh -I $OPENSC_LIB user@remote.example.com

I've also verified that it does not work when my Yubikey is not inserted into the USB slot.

When I try to add the key to the SSH Agent then I get the following interaction

Code:

ssh-add -s $OPENSC_LIB
Enter passphrase for PKCS#11:
Could not add card "/usr/local/Cellar/opensc/0.16.0-pre1/lib/pkcs11/opensc-pkcs11.so": agent refused operation

Any hints as to why ssh-add nor ssh works according to the guide? Am I using the correct driver?

OS: Mac OS El Capitan
Yubikey PAM enabled for: Login, Screensaver, Sudo
OpenSC: 0.16.0-pre1

Statistics: Posted by Magnus — Sat Apr 02, 2016 1:07 am