Hi,
Up until recently I've been using a YubiKey to hold a GPG auth key, to access bhyve VMs, home LAN servers, etc. I'm currently running FreeBSD 14.2-RELEASE-p1 with a YubiKey 5 Nano.
This was working well, but today (after having upgraded base and packages), I'm seeing the following error:
If I run pcscd in debug mode, it sees the Yubikey:
However trying to ssh fails as above, and gpg doesn't think the service is running:
However, it *is* running, just failing with an odd error. From the pcscd logs when I run
Interestingly, webauthn works just fine. I can use the YubiKey with
https://demo.yubico.com/ without any issues.
Anyone have any ideas? I think it's just that something (perhaps a recent base or ports update?) has broken PolicyKit in some way, but I'm not sure how to repair it.
Up until recently I've been using a YubiKey to hold a GPG auth key, to access bhyve VMs, home LAN servers, etc. I'm currently running FreeBSD 14.2-RELEASE-p1 with a YubiKey 5 Nano.
This was working well, but today (after having upgraded base and packages), I'm seeing the following error:
Code:
$ ssh eirene.home
duncan@eirene.home: Permission denied (publickey).If I run pcscd in debug mode, it sees the Yubikey:
Code:
00000012 [0x25ea0c412e00] ../src/hotplug_libusb.c:627:HPAddHotPluggable() Adding USB device: 0:4:1
00000005 [0x25ea0c412e00] ../src/readerfactory.c:1104:RFInitializeReader() Attempting startup of Yubico YubiKey FIDO+CCID 00 00 using /usr/local/lib/pcsc/drivers//ifd-ccid.bundle/Contents/FreeBSD/libccid.so
00000032 [0x25ea0c412e00] ../src/readerfactory.c:977:RFBindFunctions() Loading IFD Handler 3.0
... snip ...
00000251 [0x25ea0ce3a700] ../src/eventhandler.c:287:EHStatusHandlerThread() powerState: POWER_STATE_POWERED
00000004 [0x25ea0ce3a700] Card ATR: 3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40However trying to ssh fails as above, and gpg doesn't think the service is running:
Code:
$ gpg --card-status
gpg: selecting card failed: Service is not running
gpg: OpenPGP card not available: Service is not runningHowever, it *is* running, just failing with an odd error. From the pcscd logs when I run
gpg --card-status:
Code:
50589412 [0x25ea0c412000] ../src/winscard_msg_srv.c:253:ProcessEventsServer() Common channel packet arrival
00000019 [0x25ea0c412000] ../src/winscard_msg_srv.c:265:ProcessEventsServer() ProcessCommonChannelRequest detects: 14
00000002 [0x25ea0c412000] ../src/pcscdaemon.c:130:SVCServiceRunLoop() A new context thread creation is requested: 14
00002185 [0x25ea0c413500] ../src/auth.c:116:IsClientAuthorized() polkit_authority_get_sync failed: Error initializing authority: Error calling StartServiceByName for org.freedesktop.PolicyKit1: Failed to execute program org.freedesktop.PolicyKit1: Permission denied
00000008 [0x25ea0c413500] ../src/winscard_svc.c:357:ContextThread() Rejected unauthorized PC/SC client
00000008 [0x25ea0c413500] ../src/winscard_svc.c:1114:MSGCleanupClient() Thread is stopping: dwClientID=14, threadContext @0x25ea0c423320
00000003 [0x25ea0c413500] ../src/winscard_svc.c:1120:MSGCleanupClient() Freeing SCONTEXT @0x25ea0c423320Interestingly, webauthn works just fine. I can use the YubiKey with
https://demo.yubico.com/ without any issues.
Anyone have any ideas? I think it's just that something (perhaps a recent base or ports update?) has broken PolicyKit in some way, but I'm not sure how to repair it.