yubioath-flutter
yubioath-flutter copied to clipboard
Published
20 hours ago •
Yubico
Yubico
RFInitializeReader() Open Port 0x200000 Failed
-
Yubico Authenticator version: snap yubioath-desktop 5.1.0
-
Operating system and version: Ubuntu 20.04.3 LTS
-
YubiKey model and version: Tested with: Yubikey NEO(-N) OTP+CCID ID 1050:0111 version: 3.4.9 Yubikey NEO(-N) OTP+CCID ID 1050:0111 version: 3.4.3 Yubikey NEO(-N) OTP+U2F+CCID ID 1050:0116 version: 3.4.9 Yubikey 4 OTP+CCID ID 1050:0405 version 4.3.3
-
Hardware: Lenovo ThinkPad T14 Gen2 (BIOS 1.46 03 DEC 2021 (latest))
-
Bug description summary: After installation of the snap package the system fails to initialize the Yubikey. The PIV applet is no longer working and the pam-pkcs11 login fails.
Steps to reproduce
- install snap package
snap install yubioath-desktop - reboot
- insert yubikey
tail -f /var/log/syslog
Dec 8 11:26:50 ubuntu kernel: [ 64.702897] usb 3-7: new full-speed USB device number 6 using xhci_hcd
Dec 8 11:26:50 ubuntu kernel: [ 64.853427] usb 3-7: New USB device found, idVendor=1050, idProduct=0111, bcdDevice= 3.49
Dec 8 11:26:50 ubuntu kernel: [ 64.853436] usb 3-7: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Dec 8 11:26:50 ubuntu kernel: [ 64.853439] usb 3-7: Product: Yubikey NEO OTP+CCID
Dec 8 11:26:50 ubuntu kernel: [ 64.853442] usb 3-7: Manufacturer: Yubico
Dec 8 11:26:50 ubuntu kernel: [ 64.856184] input: Yubico Yubikey NEO OTP+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-7/3-7:1.0/0003:1050:0111.0004/input/input19
Dec 8 11:26:50 ubuntu kernel: [ 64.914969] hid-generic 0003:1050:0111.0004: input,hidraw0: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP+CCID] on usb-0000:00:14.0-7/input0
Dec 8 11:26:50 ubuntu mtp-probe: checking bus 3, device 6: "/sys/devices/pci0000:00/0000:00:14.0/usb3/3-7"
Dec 8 11:26:50 ubuntu mtp-probe: bus: 3, device: 6 was not an MTP device
Dec 8 11:26:50 ubuntu yubioath-desktop.pcscd[1219]: 04429239 readerfactory.c:1106:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0111:libudev:0:/dev/bus/usb/003/006)
Dec 8 11:26:50 ubuntu yubioath-desktop.pcscd[1219]: 00000019 readerfactory.c:376:RFAddReader() Yubico Yubikey NEO OTP+CCID init failed.
Dec 8 11:26:50 ubuntu pcscd[1897]: 20004555 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
Dec 8 11:26:50 ubuntu pcscd[1897]: 00000011 readerfactory.c:1105:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0111:libudev:0:/dev/bus/usb/003/006)
Dec 8 11:26:50 ubuntu pcscd[1897]: 00000003 readerfactory.c:376:RFAddReader() Yubico Yubikey NEO OTP+CCID init failed.
Dec 8 11:26:50 ubuntu pcscd[1897]: 00002672 ccid_usb.c:652:OpenUSBByName() Can't claim interface 3/6: LIBUSB_ERROR_BUSY
Dec 8 11:26:50 ubuntu pcscd[1897]: 00000124 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
Dec 8 11:26:50 ubuntu pcscd[1897]: 00000004 readerfactory.c:1105:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0111:libudev:1:/dev/bus/usb/003/006)
Dec 8 11:26:50 ubuntu pcscd[1897]: 00000002 readerfactory.c:376:RFAddReader() Yubico Yubikey NEO OTP+CCID init failed.
Dec 8 11:26:50 ubuntu pcscd[1897]: 00000025 hotplug_libudev.c:526:HPAddDevice() Failed adding USB device: Yubico Yubikey NEO OTP+CCID
Dec 8 11:26:50 ubuntu systemd-udevd[2401]: 3-7:1.0: Process '/usr/lib/snapd/snap-device-helper bind snap_yubioath-desktop_pcscd /devices/pci0000:00/0000:00:14.0/usb3/3-7/3-7:1.0 0:0' failed with exit code 1.
Dec 8 11:26:50 ubuntu mtp-probe: checking bus 3, device 6: "/sys/devices/pci0000:00/0000:00:14.0/usb3/3-7"
Dec 8 11:26:50 ubuntu mtp-probe: bus: 3, device: 6 was not an MTP device
Dec 8 11:26:50 ubuntu systemd-udevd[2401]: 3-7: Process '/usr/lib/snapd/snap-device-helper bind snap_yubioath-desktop_pcscd /devices/pci0000:00/0000:00:14.0/usb3/3-7 189:261' failed with exit code 1.
- check piv
# yubico-piv-tool -a status
Failed to connect to yubikey.
Try removing and reconnecting the device.
- try to login
Dec 8 11:26:35 ubuntu systemd[1]: Started PC/SC Smart Card Daemon.
Dec 8 11:26:35 ubuntu kernel: [ 169.325483] audit: type=1130 audit(1638966875.225:82): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=pcscd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000000 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000033 readerfactory.c:1105:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0111:libudev:0:/dev/bus/usb/003/006)
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000001 readerfactory.c:376:RFAddReader() Yubico Yubikey NEO OTP+CCID init failed.
Dec 8 11:26:35 ubuntu pcscd[2425]: 00002263 ccid_usb.c:652:OpenUSBByName() Can't claim interface 3/6: LIBUSB_ERROR_BUSY
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000213 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000004 readerfactory.c:1105:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0111:libudev:1:/dev/bus/usb/003/006)
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000002 readerfactory.c:376:RFAddReader() Yubico Yubikey NEO OTP+CCID init failed.
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000027 hotplug_libudev.c:526:HPAddDevice() Failed adding USB device: Yubico Yubikey NEO OTP+CCID
Dec 8 11:26:35 ubuntu pcscd[2425]: 00002804 ccid_usb.c:652:OpenUSBByName() Can't claim interface 3/4: LIBUSB_ERROR_BUSY
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000208 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000004 readerfactory.c:1105:RFInitializeReader() Open Port 0x200000 Failed (usb:058f/9540:libudev:0:/dev/bus/usb/003/004)
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000001 readerfactory.c:376:RFAddReader() Alcor Micro AU9560 init failed.
Dec 8 11:26:35 ubuntu pcscd[2425]: 00000022 hotplug_libudev.c:526:HPAddDevice() Failed adding USB device: Alcor Micro AU9560
Dec 8 11:26:35 ubuntu lightdm: init_pkcs11_module() failed: there are no slots available
Dec 8 11:26:35 ubuntu kernel: [ 169.340627] audit: type=1100 audit(1638966875.241:83): pid=2423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:authentication grantors=? acct="user" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=failed'
- unistall snap package
snap remove yubioath-desktop - insert yubikey
tail -f /var/log/syslog
Dec 8 11:31:14 ubuntu kernel: [ 5801.065741] usb 3-7: new full-speed USB device number 23 using xhci_hcd
Dec 8 11:31:14 ubuntu kernel: [ 5801.215868] usb 3-7: New USB device found, idVendor=1050, idProduct=0111, bcdDevice= 3.49
Dec 8 11:31:14 ubuntu kernel: [ 5801.215877] usb 3-7: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Dec 8 11:31:14 ubuntu kernel: [ 5801.215880] usb 3-7: Product: Yubikey NEO OTP+CCID
Dec 8 11:31:14 ubuntu kernel: [ 5801.215883] usb 3-7: Manufacturer: Yubico
Dec 8 11:31:14 ubuntu kernel: [ 5801.218599] input: Yubico Yubikey NEO OTP+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-7/3-7:1.0/0003:1050:0111.001B/input/input40
Dec 8 11:31:15 ubuntu kernel: [ 5801.278368] hid-generic 0003:1050:0111.001B: input,hidraw0: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP+CCID] on usb-0000:00:14.0-7/input0
Dec 8 11:31:15 ubuntu mtp-probe: checking bus 3, device 23: "/sys/devices/pci0000:00/0000:00:14.0/usb3/3-7"
Dec 8 11:31:15 ubuntu mtp-probe: bus: 3, device: 23 was not an MTP device
Dec 8 11:31:15 ubuntu mtp-probe: checking bus 3, device 23: "/sys/devices/pci0000:00/0000:00:14.0/usb3/3-7"
Dec 8 11:31:15 ubuntu mtp-probe: bus: 3, device: 23 was not an MTP device
- check piv
yubico-piv-tool -a status
Version: 1.0.4
Serial Number: ***
CHUID: ***
CCC: No data available
Slot 9a:
Algorithm: RSA2048
Subject DN: ***
Issuer DN: ***
Fingerprint: ***
Not Before: Jul 23 14:21:47 2020 GMT
Not After: Jun 1 14:21:47 2025 GMT
PIN tries left: 5
Expected result
A working Yubikey PIV applet for login while also using the Yubikey Authenticator App
Actual results
Yubikey initialize faild with Yubikey Authenticator App
Other info
- Installed yubico packages
# dpkg -l | grep yubi
ii libyubikey-udev 1.20.0-2 all udev rules for unprivileged access to YubiKeys
ii libyubikey0 1.13-4 amd64 Yubikey OTP handling library runtime
ii yubico-piv-tool 2.2.1~ppa1~focal1 amd64 Command line tool for the YubiKey PIV application. The
ii yubikey-luks 0.5.1+29.g5df2b95-3 all YubiKey two factor authentication for LUKS disks
ii yubikey-personalization 1.20.0-2 amd64 Personalization tool for Yubikey OTP tokens
- Installed pkcs11 packages
# dpkg -l | grep pkcs11
ii gnome-keyring-pkcs11:amd64 3.36.0-1ubuntu1 amd64 GNOME keyring module for the PKCS#11 module loading library
ii libpam-pkcs11 0.6.11-2 amd64 Fully featured PAM module for using PKCS#11 smart cards
ii opensc-pkcs11:amd64 0.20.0-3 amd64 Smart card utilities with support for PKCS#15 compatible cards
- Installed pcscd packages
# dpkg -l | grep pcs
ii libpcsc-perl 1.4.14-4build2 amd64 Perl interface to the PC/SC smart card library
ii libpcsclite1:amd64 1.8.26-3 amd64 Middleware to access a smart card using PC/SC (library)
ii pcsc-tools 1.5.5-1 amd64 Some tools to use with smart cards and PC/SC
ii pcscd 1.8.26-3 amd64 Middleware to access a smart card using PC/SC (daemon side)
I confirmed on my system the same problem:
Linux polo-1378 5.4.0-91-generic #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
YubiKey-Manager was not able to connect to PIV (Unless I disabled PIV and enabled it again). Of course after reboot, removing key from USB port and injecting it again I had the same behavior.
pcsc_scan did not show any of my readers:
Scanning present readers...
Waiting for the first reader...
After removing Yubikey Authenticator App everything started to work properly, so
Scanning present readers...
0: Yubico YubiKey OTP+FIDO+CCID 00 00
1: Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 01 00
2: Broadcom Corp 5880 [Contactless SmartCard] (0123456789ABCD) 02 00
Configuration:
dpkg -l | grep yubi
ii libpam-yubico 2.27-1~ppa1~focal1 amd64 two-factor password and YubiKey OTP PAM module
ii libyubikey-udev 1.20.0-2 all udev rules for unprivileged access to YubiKeys
ii libyubikey0 1.13-4 amd64 Yubikey OTP handling library runtime
ii yubico-piv-tool 2.2.1~ppa1~focal1 amd64 Command line tool for the YubiKey PIV application. The
ii yubikey-manager 4.0.7~ppa1~focal1 amd64 Command line tool for configuring a YubiKey
ii yubikey-personalization-gui 3.1.24-1build1 amd64 Graphical personalization tool for YubiKey tokens
ykman piv info
PIV version: 5.4.3
PIN tries remaining: 3/3
Management key algorithm: AES256
Management key is stored on the YubiKey, protected by PIN.
CHUID: *****
CCC: No data available
dpkg -l | grep pkcs11
ii gnome-keyring-pkcs11:amd64 3.36.0-1ubuntu1 amd64 GNOME keyring module for the PKCS#11 module loading library
dpkg -l | grep pcs
ii libpcsc-perl 1.4.14-4build2 amd64 Perl interface to the PC/SC smart card library
ii libpcsclite1:amd64 1.8.26-3 amd64 Middleware to access a smart card using PC/SC (library)
ii pcsc-tools 1.5.5-1 amd64 Some tools to use with smart cards and PC/SC
ii pcscd 1.8.26-3 amd64 Middleware to access a smart card using PC/SC (daemon side)
Modified scdaemon.conf
cat scdaemon.conf
#disable-ccid
pcsc-driver /usr/lib/x86_64-linux-gnu/libpcsclite.so.1
card-timeout 5
# Always try to use yubikey as the first reader
# even when other smart card readers are connected
# Name of the reader can be found using the pcsc_scan command
# If you have problems with gpg not recognizing the Yubikey
# then make sure that the string here matches exacly pcsc_scan
# command output. Also check journalctl -f for errors.
reader-port Yubico YubiKey OTP+FIDO+CCID
Thank you - the information "snap remove yubioath-desktop" saved my day!
Yeah! This made my day! I also had problems with pcscd and Smart Card interface. I had to unplug and replug the YubiKey various times and it randomly recognized the smartcard. For Ubuntu 20.04: drop the snap install auf yubioath-desktop and use another method (AppImage or apt package)
Yubico Authenticator 6.0 has now been released and uses a new codebase. As such, this issue has been marked with the legacy label, and will be automatically closed in 7 days. If this issue is still relevant to Yubico Authenticator 6, please comment on the issue saying so, and it will be kept open (or be re-opened). Sorry for the inconvenience!
