keymaster icon indicating copy to clipboard operation
keymaster copied to clipboard

Published 20 hours ago verified publisher icon Cloud-Foundations

Yubikey not initially working with MacOS client

Open rgooch opened this issue 5 years ago • 15 comments

Running the MacOS Keymaster client with a Yubikey 5C nano plugged in I got this error: top of doU2fAuthenticate manufacturer = "Yubico", product = "YubiKey OTP+FIDO+CCID", vid = 0x0407, pid = 0x1050 u2fhid: error reading response, read timed out The Yubikey did not blink.

I then plugged in a Feitian U2F token as well and ran the Keymaster client again. The Feitian did not blink but the Yubikey did, so I pressed it and it worked. Before I pressed the Yubikey I pressed the (not blinking) Feitian to see what would happen and I just got OTP codes in my terminal.

I unplugged my Feitian token and tried again with just the Yubikey token and everything worked fine. I tried again and it worked.

rgooch avatar Dec 03 '19 00:12 rgooch

This is a daily problem. I can recover without plugging in a second token by just re-running the Keymaster client. Usually on the third attempt it works.

rgooch avatar Dec 09 '19 18:12 rgooch

I'm also experiencing this when running keymaster on macOS. As @rgooch says, it tends to work on the third attempt.

prydonius avatar Jan 08 '20 17:01 prydonius

Now I seem to be getting this error instead of the read response error:

top of doU2fAuthenticate
manufacturer = "Yubico", product = "YubiKey OTP+FIDO+CCID", vid = 0x0407, pid = 0x1050
hid: privilege violation

prydonius avatar Jan 09 '20 17:01 prydonius

@prydonius : if you diable the OTP on the yubikey is this still an issue? (I think this would be a workaround)

cviecco avatar Jan 30 '20 00:01 cviecco

I think I disabled OTP mode and still experienced the problem.

rgooch avatar Jan 30 '20 17:01 rgooch

I just disabled OTP, let's see if that improves anything

prydonius avatar Feb 10 '20 18:02 prydonius

@cviecco for the last couple of days I haven't been seeing these errors with OTP disabled. Will update this if I start seeing them again.

prydonius avatar Feb 12 '20 18:02 prydonius

I get this repeatedly

top of doU2fAuthenticate
manufacturer = "Yubico", product = "YubiKey OTP+FIDO+CCID", vid = 0x0407, pid = 0x1050
hid: privilege violation

Even though I enter the same password again and again, I am literally copy pasting the password to make sure that I am entering the right thing. After 4 attempts it succeeds.

nikunjy avatar May 29 '20 16:05 nikunjy

@prydonius do you still see the hid: privilege violation ?

nikunjy avatar May 29 '20 16:05 nikunjy

@nikunjy have you disabled OTP? After doing so, I no longer get either of the two errors reported here.

prydonius avatar May 29 '20 19:05 prydonius

I turned off OTP a long time ago and I've seen this problem occasionally.

rgooch avatar May 30 '20 06:05 rgooch

@rgooch : what version of yubikey do you use(paste the whole -checkDevices string) and what version of MacOS?

cviecco avatar Jun 01 '20 05:06 cviecco

@cviecco I have MacOS Catalina 10.15.4. Output: `manufacturer = "FT", product = "U2F KB", vid = 0x0854, pid = 0x096e

manufacturer = "Yubico", product = "YubiKey FIDO+CCID", vid = 0x0406, pid = 0x1050`

rgooch avatar Jun 04 '20 22:06 rgooch

Currently the incidence of this is very low for me (I have OTP disabled and am running MacOS Catalina v10.15.4). I don't see a way to debug this without being able to reproduce it on-demand.

rgooch avatar Jul 16 '20 21:07 rgooch

An idea.. test with using libfido2.. which is mady by yubico? https://github.com/keys-pub/go-libfido2

cviecco avatar Sep 28 '20 05:09 cviecco

We are using a new and different library now. I think this has been solved already. Closing this for now, if there are sill issues please feel free to reopen.

cviecco avatar Oct 04 '23 16:10 cviecco