Yubico Forum ...visit our web-store at 2015-11-25T19:28:57+01:00 https://forum.yubico.com/feed.php?f=4&t=2106 2015-11-25T19:28:31+01:00 2015-11-25T19:28:31+01:00 https://forum.yubico.com/viewtopic.php?t=2106&p=8023#p8023 <![CDATA[Re: Problem with yk4 and PIV]]>
It probably has something todo with the fact that i was importing my 'old' certificate and using cli-tools and gui through one another.

Here was my solution:
I've started
Code:
yubico PIV manager 1.1.1

tried to delete the certificate that was loaded, somehow it complained about the management while it was asking for my pin.
Then i entered a wrong for few times because i was fed up with that..
after resetting it, (all within the gui), setting a new pin, i generated a new certificate.
In terminal i tried
Code:
ssh-keygen -D /usr/local/lib/opensc-pkcs11.so
and it gave me a new pubkey.
I added that to my server and everything worked.

Statistics: Posted by Jasper — Wed Nov 25, 2015 7:28 pm

]]> 2015-11-25T09:01:34+01:00 2015-11-25T09:01:34+01:00 https://forum.yubico.com/viewtopic.php?t=2106&p=8016#p8016 <![CDATA[Re: Problem with yk4 and PIV]]> http://forum.yubico.com/viewtopic.php?f=26&t=1941
rebooted
imported pem
but now it's telling me this:

Quote:

Enter PIN for 'PIV_II (PIV Card Holder pin)':
C_Sign failed: 32
no such identity: /Users/jasper/.ssh/id_ed25519: No such file or directory
Permission denied (publickey,keyboard-interactive).


When i'm passing in a wrong pin, it gives me:
Quote:

C_Login failed: 160

Statistics: Posted by Jasper — Wed Nov 25, 2015 9:01 am

]]> 2015-11-25T19:28:57+01:00 2015-11-24T21:04:33+01:00 https://forum.yubico.com/viewtopic.php?t=2106&p=8014#p8014 <![CDATA[[Solved] Problem with yk4 and PIV]]>
I ran into some problems after testing all different things and erasing slot 1 & 2
Before i ran into troubles i found the tutorial on http://www.jupiterbroadcasting.com/8506 ... y-las-373/ and had SSH auth. with PIV working.

After i erased both slots, i imported the certificate again (yubico-piv-tool -a import-certificate -s 9a -i cert.pem ), and everything looked okay.
Code:
ssh-add -L
gives me the same public key as before
Code:
ssh-keygen -D /usr/local/lib/opensc-pkcs11.so
gives also the same pubkey
Code:
→ opensc-tool --list-readers
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Yubico Yubikey 4 OTP+U2F+CCID

Code:
→ opensc-tool -n
Using reader with a card: Yubico Yubikey 4 OTP+U2F+CCID
PIV-II card


In
Code:
/etc/ssh/ssh_config
the last line is.
Code:
PKCS11Provider /usr/local/lib/opensc-pkcs11.so


Code:
→ ssh -v ds
OpenSSH_6.9p1, LibreSSL 2.1.7
debug1: Reading configuration data /Users/jasper/.ssh/config
debug1: /Users/jasper/.ssh/config line 1: Applying options for *
debug1: /Users/jasper/.ssh/config line 20: Applying options for ds
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 102: Applying options for *
debug1: Connecting to diskstation [fe80::211:32ff:fe2c:429%en1] port 22.
debug1: Connection established.
debug1: manufacturerID <OpenSC (www.opensc-project.org)> cryptokiVersion 2.20 libraryDescription <Smart card PKCS#11 API> libraryVersion 0.0
debug1: label <PIV_II (PIV Card Holder pin)> manufacturerID <piv_II> model <PKCS#15 emulate> serial <dfe90784a4debfe> flags 0x40d
debug1: have 1 keys
debug1: pkcs11_provider_unref: 0x7f96834013d0 refcount 2
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p2-hpn14v4
debug1: match: OpenSSH_6.6p2-hpn14v4 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000
debug1: Authenticating to diskstation:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:DGUtiafnuStDg1mXoIY8iKk/n+qM45znekL1WpzTm+A
debug1: Host 'diskstation' is known and matches the ECDSA host key.
debug1: Found key in /Users/jasper/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /usr/local/lib/opensc-pkcs11.so
debug1: Server accepts key: pkalg ssh-rsa blen 279
Enter PIN for 'PIV_II (PIV Card Holder pin)':
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: /usr/local/lib/opensc-pkcs11.so
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Trying private key: /Users/jasper/.ssh/id_rsa
debug1: Trying private key: /Users/jasper/.ssh/id_dsa
debug1: Trying private key: /Users/jasper/.ssh/id_ecdsa
debug1: Trying private key: /Users/jasper/.ssh/id_ed25519
no such identity: /Users/jasper/.ssh/id_ed25519: No such file or directory
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).


without the -vvv

Code:
→ ssh  ds
Enter PIN for 'PIV_II (PIV Card Holder pin)':
no such identity: /Users/jasper/.ssh/id_ed25519: No such file or directory
Permission denied (publickey,keyboard-interactive).



Does anyone have any tips to get it working again?

- Jasper

Statistics: Posted by Jasper — Tue Nov 24, 2015 9:04 pm

]]>