Yubico Forum https://forum.yubico.com/

[Solved] Problem with yk4 and PIV https://forum.yubico.com/viewtopic.php?f=4&t=2106

Author: Jasper [ Tue Nov 24, 2015 9:04 pm ]
Post subject: [Solved] Problem with yk4 and PIV
I'm trying to get PIV working again after I erased everything from my yk4. I ran into some problems after testing all different things and erasing slot 1 & 2. Before I ran into trouble I found the tutorial on http://www.jupiterbroadcasting.com/8506 ... y-las-373/ and had SSH auth. with PIV working. After I erased both slots, I imported the certificate again (yubico-piv-tool -a import-certificate -s 9a -i cert.pem), and everything looked okay.

Code:
    ssh-add -L
gives me the same public key as before.

Code:
    ssh-keygen -D /usr/local/lib/opensc-pkcs11.so
also gives the same pubkey.

Code:
    → opensc-tool --list-readers
    # Detected readers (pcsc)
    Nr.  Card  Features  Name
    0    Yes             Yubico Yubikey 4 OTP+U2F+CCID

Code:
    → opensc-tool -n
    Using reader with a card: Yubico Yubikey 4 OTP+U2F+CCID
    PIV-II card

In /etc/ssh/ssh_config the last line is:

Code:
    PKCS11Provider /usr/local/lib/opensc-pkcs11.so

Code:
    → ssh -v ds
    OpenSSH_6.9p1, LibreSSL 2.1.7
    debug1: Reading configuration data /Users/jasper/.ssh/config
    debug1: /Users/jasper/.ssh/config line 1: Applying options for *
    debug1: /Users/jasper/.ssh/config line 20: Applying options for ds
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 20: Applying options for *
    debug1: /etc/ssh/ssh_config line 102: Applying options for *
    debug1: Connecting to diskstation [fe80::211:32ff:fe2c:429%en1] port 22.
    debug1: Connection established.
    debug1: manufacturerID <OpenSC (www.opensc-project.org)> cryptokiVersion 2.20 libraryDescription <Smart card PKCS#11 API> libraryVersion 0.0
    debug1: label <PIV_II (PIV Card Holder pin)> manufacturerID <piv_II> model <PKCS#15 emulate> serial <dfe90784a4debfe> flags 0x40d
    debug1: have 1 keys
    debug1: pkcs11_provider_unref: 0x7f96834013d0 refcount 2
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jasper/.ssh/id_rsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jasper/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jasper/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jasper/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jasper/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jasper/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jasper/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jasper/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.9
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p2-hpn14v4
    debug1: match: OpenSSH_6.6p2-hpn14v4 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000
    debug1: Authenticating to diskstation:22 as 'root'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
    debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:DGUtiafnuStDg1mXoIY8iKk/n+qM45znekL1WpzTm+A
    debug1: Host 'diskstation' is known and matches the ECDSA host key.
    debug1: Found key in /Users/jasper/.ssh/known_hosts:1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /usr/local/lib/opensc-pkcs11.so
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    Enter PIN for 'PIV_II (PIV Card Holder pin)':
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Offering RSA public key: /usr/local/lib/opensc-pkcs11.so
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    debug1: Trying private key: /Users/jasper/.ssh/id_rsa
    debug1: Trying private key: /Users/jasper/.ssh/id_dsa
    debug1: Trying private key: /Users/jasper/.ssh/id_ecdsa
    debug1: Trying private key: /Users/jasper/.ssh/id_ed25519
    no such identity: /Users/jasper/.ssh/id_ed25519: No such file or directory
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: No more authentication methods to try.
    Permission denied (publickey,keyboard-interactive).

Without the -vvv:

Code:
    → ssh ds
    Enter PIN for 'PIV_II (PIV Card Holder pin)':
    no such identity: /Users/jasper/.ssh/id_ed25519: No such file or directory
    Permission denied (publickey,keyboard-interactive).

Does anyone have any tips to get it working again?

- Jasper

Author: Jasper [ Wed Nov 25, 2015 9:01 am ]
Post subject: Re: Problem with yk4 and PIV

I've erased everything again according to http://forum.yubico.com/viewtopic.php?f=26&t=1941, rebooted, imported the pem, but now it's telling me this:

Quote:
    Enter PIN for 'PIV_II (PIV Card Holder pin)':
    C_Sign failed: 32
    no such identity: /Users/jasper/.ssh/id_ed25519: No such file or directory
    Permission denied (publickey,keyboard-interactive).

When I'm passing in a wrong pin, it gives me:

Quote:
    C_Login failed: 160

Author: Jasper [ Wed Nov 25, 2015 7:28 pm ]
Post subject: Re: Problem with yk4 and PIV

I solved it. It probably has something to do with the fact that I was importing my 'old' certificate and using the CLI tools and GUI through one another. Here was my solution: I started

Code:
    yubico PIV manager 1.1.1

and tried to delete the certificate that was loaded; somehow it complained about the management while it was asking for my pin. Then I entered a wrong one a few times because I was fed up with that.. After resetting it (all within the GUI) and setting a new pin, I generated a new certificate. In the terminal I tried

Code:
    ssh-keygen -D /usr/local/lib/opensc-pkcs11.so

and it gave me a new pubkey. I added that to my server and everything worked.