| Yubico Forum https://forum.yubico.com/ |
|
| PKCS#11 Mac: Could not add card agent refused operation https://forum.yubico.com/viewtopic.php?f=35&t=2272 |
Page 1 of 1 |
| Author: | Magnus [ Sat Apr 02, 2016 1:07 am ] |
| Post subject: | PKCS#11 Mac: Could not add card agent refused operation |
Hi I've setup a SSH key to be accessed from PKCS#11 according to this guide: https://developers.yubico.com/yubico-piv-tool/SSH_with_PIV_and_PKCS11.html I [s]can[s] can not connect when specifying PKCS#11 as source for SSH Code: ssh -I $OPENSC_LIB user@remote.example.com I've also verified that it does not work when my Yubikey is not inserted into the USB slot. When I try to add the key to the SSH Agent then I get the following interaction Code: ssh-add -s $OPENSC_LIB Enter passphrase for PKCS#11: Could not add card "/usr/local/Cellar/opensc/0.16.0-pre1/lib/pkcs11/opensc-pkcs11.so": agent refused operation Any hints as to why ssh-add nor ssh works according to the guide? Am I using the correct driver? OS: Mac OS El Capitan Yubikey PAM enabled for: Login, Screensaver, Sudo OpenSC: 0.16.0-pre1 |
|
| Author: | rgurley [ Mon Jul 25, 2016 5:17 am ] |
| Post subject: | Re: PKCS#11 Mac: Could not add card agent refused operation |
Same problem using Ubuntu 16.04. I added the ppa for yubico, installed all the yubico software I could find in it, set up Ubuntu using the recommended script found https://github.com/dainnilsson/scripts/ ... all/gpg.sh Same issue. I found this somewhat helpful https://wikitech.wikimedia.org/wiki/Yubikey-SSH I created a .ssh/config as recommended, so at least now I can just $ssh host, enter pin, and complete a connection. But if I do ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so It asks Enter passphrase for PKCS#11 Entering my pin, puk, key, changeme.. nothing works. So I guess I live with ssh host, pin. |
|
| Author: | Tom2 [ Thu Jul 28, 2016 9:04 am ] |
| Post subject: | Re: PKCS#11 Mac: Could not add card agent refused operation |
Hey, Follow the notes and try to use brew SSH and explicitly use those binaries not the default ssh. Alternatively, try using YKCS11 https://developers.yubico.com/yubico-pi ... notes.html |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|