Yubico Forum
https://forum.yubico.com/

Problems with Ubuntu 15.10 on one machine, but not another
https://forum.yubico.com/viewtopic.php?f=26&t=2191

Author:  Mats [ Mon Feb 01, 2016 9:01 pm ]
Post subject:  Problems with Ubuntu 15.10 on one machine, but not another

Hi,

I have an air-gap computer using Ubuntu 15.10, and I have downloaded my master key to my yubikey using it. I did not need to change any parameters for the yubikey to get gpg2 access to it, which I think I needed to do with my older yubikey.

However, now I try to use the key on my ordinary laptop, also using Ubuntu 15.10, but gpg2 cannot access it. Some details below:

dmesg:
[ 2261.421087] usb 3-2: new full-speed USB device number 4 using xhci_hcd
[ 2261.550796] usb 3-2: New USB device found, idVendor=1050, idProduct=0407
[ 2261.550803] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 2261.550807] usb 3-2: Product: Yubikey 4 OTP+U2F+CCID
[ 2261.550809] usb 3-2: Manufacturer: Yubico
[ 2261.551066] usb 3-2: ep 0x81 - rounding interval to 64 microframes, ep desc says 80 microframes
[ 2261.552589] input: Yubico Yubikey 4 OTP+U2F+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-2/3-2:1.0/0003:1050:0407.0008/input/input20
[ 2261.606003] hid-generic 0003:1050:0407.0008: input,hidraw1: USB HID v1.10 Keyboard [Yubico Yubikey 4 OTP+U2F+CCID] on usb-0000:00:14.0-2/input0
[ 2261.607492] hid-generic 0003:1050:0407.0009: hiddev0,hidraw2: USB HID v1.10 Device [Yubico Yubikey 4 OTP+U2F+CCID] on usb-0000:00:14.0-2/input1

pcsc_scan -n
PC/SC device scanner
V 1.4.24 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.11
Using reader plug'n play mechanism
Scanning present readers...
0: Lenovo Integrated Smart Card Reader 00 00
1: Yubico Yubikey 4 OTP+U2F+CCID 01 00

Mon Feb 1 20:58:41 2016
Reader 0: Lenovo Integrated Smart Card Reader 00 00
Card state: Card removed,
Reader 1: Yubico Yubikey 4 OTP+U2F+CCID 01 00
Card state: Card inserted,
ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4

neoman can find the card just fine, so can yubikey-personalize-gui.

GPG_AGENT_INFO= gpg2 --debug-level guru --card-status
gpg: enabled debug flags: packet mpi cipher filter iobuf memory cache memstat trust hashing extprog cardio assuan
gpg: DBG: connection to agent established
scdaemon[3669]: pcsc_control failed: invalid handle (0x80100003)
scdaemon[3669]: pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65538
gpg: selecting openpgp failed: Card not present
gpg: OpenPGP card not available: Card not present
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/65536 bytes in 0 blocks
mats@mats-laptop:/etc$ scdaemon[3669]: updating slot 0 status: 0x0000->0x0000 (0->1)
scdaemon[3669]: scdaemon (GnuPG) 2.0.28 stopped

I have tried killing scdaemon and gpg-agent, no difference in behavior. Something is different between these that happens to be significant, but I can't figure out what.

Any suggestions as to how to debug this?

Author:  Alessio [ Wed Feb 03, 2016 10:35 am ]
Post subject:  Re: Problems with Ubuntu 15.10 on one machine, but not anoth

Just to be clear, does this still work on your offline computer?

I believe gpg is trying to use your other card reader.

Try to disable it and restart scdaemon+gpg-agent or add "reader-port Yubico" to ~/.gnupg/scdaemon.conf (if you do this also add "log-file /tmp/scdaemon.log" and "debug-level guru" to get debug info from scd).

Author:  Mats [ Fri Feb 05, 2016 9:10 am ]
Post subject:  Re: Problems with Ubuntu 15.10 on one machine, but not anoth

I made the update to the scdaemon.conf file, did a "killall scdaemon" and "killall gpg-agent" just in case, but neither killall found any process, so it was apparently not needed. I also took out the Yubikey and reinserted it.

Anyway, here's my terminal session:

$ gpg2 --card-status
gpg: can't connect to the agent - trying fall back
scdaemon[25686]: enabled debug flags: command mpi crypto memory cache memstat hashing assuan cardio
gpg: selecting openpgp failed: Card not present
gpg: OpenPGP card not available: Card not present

This is the scdaemon.log (two attempts with card status):

$ cat /tmp/scdaemon.log
2016-02-05 09:00:19 scdaemon[25627] listening on socket `/tmp/gpg-QxOb6p/S.scdaemon'
2016-02-05 09:00:19 scdaemon[25627] handler for fd -1 started
2016-02-05 09:00:20 scdaemon[25627] pcsc_control failed: invalid handle (0x80100003)
2016-02-05 09:00:20 scdaemon[25627] pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65538
2016-02-05 09:00:20 scdaemon[25627] reader slot 0: not connected
scdaemon[25627]: chan_7 -> OK GNU Privacy Guard's Smartcard server ready
scdaemon[25627]: chan_7 <- GETINFO socket_name
scdaemon[25627]: chan_7 -> D /tmp/gpg-QxOb6p/S.scdaemon
scdaemon[25627]: chan_7 -> OK
scdaemon[25627]: chan_7 <- SERIALNO openpgp
scdaemon[25627]: chan_7 -> ERR 100663408 Card not present <SCD>
scdaemon[25627]: chan_7 <- RESTART
scdaemon[25627]: chan_7 -> OK
scdaemon[25627]: chan_7 <- [eof]
2016-02-05 09:00:20 scdaemon[25627] updating slot 0 status: 0x0000->0x0000 (0->1)
2016-02-05 09:00:20 scdaemon[25627] handler for fd -1 terminated
2016-02-05 09:00:20 scdaemon[25627] scdaemon (GnuPG) 2.0.28 stopped
2016-02-05 09:02:03 scdaemon[25686] listening on socket `/tmp/gpg-nOC3g4/S.scdaemon'
2016-02-05 09:02:03 scdaemon[25686] handler for fd -1 started
2016-02-05 09:02:04 scdaemon[25686] pcsc_control failed: invalid handle (0x80100003)
2016-02-05 09:02:04 scdaemon[25686] pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65538
2016-02-05 09:02:04 scdaemon[25686] reader slot 0: not connected
scdaemon[25686]: chan_7 -> OK GNU Privacy Guard's Smartcard server ready
scdaemon[25686]: chan_7 <- GETINFO socket_name
scdaemon[25686]: chan_7 -> D /tmp/gpg-nOC3g4/S.scdaemon
scdaemon[25686]: chan_7 -> OK
scdaemon[25686]: chan_7 <- SERIALNO openpgp
scdaemon[25686]: chan_7 -> ERR 100663408 Card not present <SCD>
scdaemon[25686]: chan_7 <- RESTART
scdaemon[25686]: chan_7 -> OK
scdaemon[25686]: chan_7 <- [eof]
2016-02-05 09:02:04 scdaemon[25686] updating slot 0 status: 0x0000->0x0000 (0->1)
2016-02-05 09:02:04 scdaemon[25686] handler for fd -1 terminated
2016-02-05 09:02:04 scdaemon[25686] scdaemon (GnuPG) 2.0.28 stopped

This is the syslog:

$ tail /var/log/syslog
Feb 5 09:01:52 mats-laptop kernel: [60842.195549] usb 3-1: ep 0x81 - rounding interval to 64 microframes, ep desc says 80 microframes
Feb 5 09:01:52 mats-laptop kernel: [60842.196300] input: Yubico Yubikey NEO OTP+U2F+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.0/0003:1050:0116.003A/input/input47
Feb 5 09:01:52 mats-laptop kernel: [60842.251024] hid-generic 0003:1050:0116.003A: input,hidraw1: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP+U2F+CCID] on usb-0000:00:14.0-1/input0
Feb 5 09:01:52 mats-laptop kernel: [60842.252348] hid-generic 0003:1050:0116.003B: hiddev0,hidraw2: USB HID v1.10 Device [Yubico Yubikey NEO OTP+U2F+CCID] on usb-0000:00:14.0-1/input1
Feb 5 09:01:52 mats-laptop pcscd: ifdhandler.c:130:CreateChannelByNameOrChannel() failed
Feb 5 09:01:52 mats-laptop pcscd: readerfactory.c:1043:RFInitializeReader() Open Port 0x200001 Failed (usb:1050/0116:libudev:0:/dev/bus/usb/003/018)
Feb 5 09:01:52 mats-laptop pcscd: readerfactory.c:335:RFAddReader() Yubico Yubikey NEO OTP+U2F+CCID init failed.
Feb 5 09:01:52 mats-laptop pcscd: ifdhandler.c:130:CreateChannelByNameOrChannel() failed
Feb 5 09:01:52 mats-laptop pcscd: readerfactory.c:1043:RFInitializeReader() Open Port 0x200002 Failed (usb:1050/0116:libudev:1:/dev/bus/usb/003/018)
Feb 5 09:01:52 mats-laptop pcscd: readerfactory.c:335:RFAddReader() Yubico Yubikey NEO OTP+U2F+CCID init failed.

Might it be some library that is too old to handle Yubikey?

I also tried starting a virtual machine and doing a fresh install of Ubuntu 15.10, adding the Yubico ppa to it. gpg2 can see the yubikey, but I couldn't use it anyway (hardware error or something). It might be an error due to being a virtual machine, or perhaps it is a clue to the real issue. Not sure which. Worth noting, however, that in the VM I'm trying the Neo4, while the above is using the Neo3. And I'm also trying key-signing using the Neo4 and VM, while I'm trying decryption using the Neo3 on the host. Not sure if that makes any difference, though...

Author:  Mats [ Fri Feb 05, 2016 4:15 pm ]
Post subject:  Re: Problems with Ubuntu 15.10 on one machine, but not anoth

I finally nailed it! What I did was use pcsc_scan, and take the name of the reader from there into the "reader-port" configuration of scdaemon.conf. By taking the whole string it worked. When adding another reader-port entry for my Neo4 I could see that one as well using gpg2 --card-status.

Now I have another problem, but this seems unrelated, so I'll create a new thread for this. But my Neo3 can decrypt mails at least, nice!
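
The fix described in this thread (copy the whole reader name from pcsc_scan into "reader-port"), as an added example that is not part of the original posts: a small script that reads saved pcsc_scan output and prints the matching scdaemon.conf lines. The function names and the embedded sample are assumptions made for this example; the sample reader list is constructed from the pcsc_scan output quoted in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): build scdaemon.conf lines from the
# reader list that pcsc_scan prints.

# Constructed sample: reader list copied from the pcsc_scan -n output above.
sample_scan() {
cat <<'EOF'
Scanning present readers...
0: Lenovo Integrated Smart Card Reader 00 00
1: Yubico Yubikey 4 OTP+U2F+CCID 01 00

Reader 0: Lenovo Integrated Smart Card Reader 00 00
Card state: Card removed,
Reader 1: Yubico Yubikey 4 OTP+U2F+CCID 01 00
Card state: Card inserted,
EOF
}

# Print every full reader name from the numbered list ("N: <name>") on stdin.
# The trailing "01 00" is part of the name and is kept.
reader_names() {
    sed -n 's/^[0-9][0-9]*: \(.*[^ ]\) *$/\1/p'
}

# reader_port_lines PATTERN: one "reader-port <full name>" line per reader whose
# name contains PATTERN (fixed string, case-insensitive); status 1 if none match.
reader_port_lines() {
    names=$(reader_names | grep -iF -- "$1") || return 1
    printf '%s\n' "$names" | sed 's/^/reader-port /'
}

# scdaemon_conf PATTERN: the reader-port line(s) plus the two logging options
# suggested in the thread.
scdaemon_conf() {
    reader_port_lines "$1" || return 1
    printf '%s\n' 'log-file /tmp/scdaemon.log' 'debug-level guru'
}

# Demo on the constructed sample; review the output before adding it to
# ~/.gnupg/scdaemon.conf.
sample_scan | scdaemon_conf Yubico
```

After editing ~/.gnupg/scdaemon.conf, restart scdaemon and gpg-agent as done earlier in the thread, then re-run gpg2 --card-status.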

All times are UTC + 1 hour