yubioath-flutter
yubioath-flutter copied to clipboard
Yubico
TOTP Missing
- Yubico Authenticator version: 5.1.0
- Operating system and version: Pop OS 21.04
- YubiKey model and version: 5C 5.2.7
- Bug description summary: TOTP missing
Steps to reproduce
Insert 5C that is password protected and has TOTP info stored from Windows into USB-C port
Expected result
Asking for password for TOTP account used on Windows and Android. Then showing TOTP listings
Actual results
5C acts like a new Yubikey no TOTP and no password set. Inserted into Windows 10 box and TOTP still on 5C
Other info
[Anything else you would like to add?]
I'm running into the same issue, pcscd daemon is running. I'm on Fedora 35, running 5.1.0 of the app.
Does 5.0.5 work?
Appreciate the response. Get a similar issue. Downgraded the flatpak via:
sudo flatpak update --commit=de198569c64d3e4108b499c5156cb46ae641c9c9bff979ddcdb29b8b70b503db com.yubico.yubioath
And get the following (notice the no device found at the top):
Logs show the following, where the bottom two lines are written when I plug the yubikey in:
❯ flatpak run com.yubico.yubioath
QSocketNotifier: Can only be used with threads started with QThread
Got library name: "/app/lib/qml/io/thp/pyotherside/libpyothersideplugin.so"
qml: calculateAll failed: YubiKey with given serial not found
qml: calculateAll failed: YubiKey with given serial not found
Can the 5.1.0 version recognize the key? In other words, if you open the drawer on the left side and press "YubiKey", does it say what YubiKey you have? Also, what YubiKey are you trying this with?
This is from 5.1.0, the display is correct.
❯ flatpak run com.yubico.yubioath
Gtk-Message: 19:42:31.430: Failed to load module "canberra-gtk-module"
Gtk-Message: 19:42:31.430: Failed to load module "canberra-gtk-module"
Qt: Session management error: Could not open network socket
Got library name: "/app/lib/qml/io/thp/pyotherside/libpyothersideplugin.so"
Failed to establish dbus connectionqml: calculateAll failed: YubiKey with given serial not found
qml: calculateAll failed: YubiKey with given serial not found
qml: calculateAll failed: YubiKey with given serial not found
@leb4r Thank you. I am thinking that this might be because OTP mode is activated, but I am not entirely sure. Here's how you can check. Try both of these alternatives if you can, since the second one might be a bit different for the flatpak.
- Use 5.0.5 and open the menu on the left side (three dots). Go to "Interface" and make sure it is set to "CCID (recommended)"
- If running 5.1.0 you can try the following. Check this file
$HOME/.config/Yubico/Yubico\ Authenticator.confand see what value the OtpMode entry has. If it hastrue, then Otp Mode is active. Set it tofalse
I am still having an issue with 5.1.0 and the OtpMode is set to false:
[mhynlo@maldraxxus ~]$ cat ~/.var/app/com.yubico.yubioath/config/Yubico/Yubico\ Authenticator.conf
[General]
activeView=authenticatorView
closeToTray=true
customReaderName=
desktopAvailableHeight=1080
desktopAvailableWidth=3840
favorites=@Invalid()
height=582
hideOnLaunch=false
otpMode=false
requireTouch=false
slot1digits=0
slot2digits=0
theme=1
useCustomReader=false
width=300
x=3516
y=77
The application finds the yubikey, but does not display the TOTP data.
@Mhynlo Thanks for the details! How are you running the app? Is it through the AppImage? Snap store?
I have the same problem. Yubico Authenticator 5.1.0. Ubuntu 21.04. Just recently set up PGP on my Yubikey and all of my TOTP seem to be gone. Installed through Snap.
@itay-grudev Could you run it through the terminal with --log-level DEBUG? It might give a hint as to what is happening.
@itay-grudev Looks like pcscd is not running. Could you check that it is? Also I recommend reading the tips at the bottom of this page https://snapcraft.io/yubioath-desktop with regards to pcscd.
Then it looks like there is a conflict. When I restart it then gpg stops working with the PGP card. If I unplug it and then plug it again the yubioauth-desktop stops working. Needless to say - I need both.
@itay-grudev Do you need gpg at the same time as Yubico Authenticator? There is a limitation with gpg - it grabs the YubiKey exclusively and does not let go.
@itay-grudev You can kill scdaemon. You can also try to add a timeout to scdaemon, however that will probably result in you having to enter your PIN every time. Apparently you can also patch scdaemon so that it does not grab it in exclusive mode but in shared mode. I haven't personally tried this last step. I would suggest searching around for these solutions and see what you find.
@fdennis Thanks. I'll look into it. @JDLinx Is this also related to your original issue?
@itay-grudev it could be? It ends up displaying no TOTP accounts, but I never used the GPG functionality.
My issue was with Flatpak and Fedora 35, but everything worked fine on Fedora 34. Leads me to believe something changed in the way those devices are being handled between either by Flatpak or the OS itself.
@itay-grudev can confirm, that command worked with the desktop app open and closed.
My issue was with Flatpak and Fedora 35, but everything worked fine on Fedora 34. Leads me to believe something changed in the way those devices are being handled between either by Flatpak or the OS itself.
I would like to confirm I have the same setup as leb4r. I am using the Flatpak on Fedora 35 and my setup was working on Fedora 34.
@leb4r @Mhynlo We are not the maintainers of the Flatpak. However, your issue seems to be identical to this one (which you can find at the maintainers repository) https://github.com/flathub/com.yubico.yubioath/issues/26 . There is another issue about this opened in our repository as well (https://github.com/Yubico/yubioath-desktop/issues/755). Most likely, though, this seems to be an issue with Fedora or the Flatpak, and not something we can fix. We are still discussing this with the maintainers and I hope a solution can be reached soon. In the meantime, I can point you to the AppImage https://developers.yubico.com/yubioath-desktop/Releases/
It does look to be related to the FlatPak and Fedora. The AppImage is able to get something working on my desktop. Thanks!
I'm having a very similar issue on ArchLinux on amd64. The application shows no TOTP entries:
However, on mobile (either Android or iOS), Authenticator does show multiple TOTP entries.
I'm not using the key with GPG, and it seems GPG isn't using it at all:
> gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
Any ideas on what might be up?
If I run pcscd, it exits successfully immediately. I'm not very sure how to interpret this.
Oh, it seems pcscd needs to run as root, enabling socket activation is the simplest approach:
systemctl enable --now pcscd.socket
I've got a pretty similar issue.
- Fedora 36 (GNOME + Wayland)
- Yubico Authenticator (Flatpak version: 5.1.0)
- YubiKey 5 Nano
Steps to reproduce
flatpak install com.yubico.yubioath
flatpak run com.yubico.yubioath
As soon as the authenticator launches pcscd.service is started. The authenticator also recognizes the YubiKey 5 Nano successfully. Only the OTP "Authernticator" section section shows:
No accounts.
Add acconts to this YubiKey in order to generate security codes.
and also doesn't ask for the set Password.
With the Fedora package yubioath-desktop or the AppImage provided by Yubico this issue doesn't occur.
Other Information
When running flatpak run com.yubico.yubioath, every time I klick on the OTP "Authenticator" section to open it, there's a line output on my terminal, stating:
qml: calculateAll failed: No eligiable connections are available ([<class 'yubikit.core.smartcard.SmartCardConnection'>]).
Yubico Authenticator 6.0 has now been released and uses a new codebase. As such, this issue has been marked with the legacy label, and will be automatically closed in 7 days. If this issue is still relevant to Yubico Authenticator 6, please comment on the issue saying so, and it will be kept open (or be re-opened). Sorry for the inconvenience!
