
Forward Yubico for sudo authentication over SSH

Open PedroCavaleiro opened this issue 1 year ago • 0 comments

I've been trying to forward my Yubico to perform sudo authentication without having to use the password.

I've successfully performed SSH auth with Yubico on macOS 12 using ssh -A [email protected].

But when trying to get the key on the remote machine using the command ssh-keygen -D /usr/lib/x86_64-linux-gnu/libykcs11.so I get the following error:

C_GetSlotList failed: 48
cannot read public key from pkcs11

Also, running ykpamcfg -2 -v outputs Yubikey core error: no yubikey present.

My local gpg-agent.conf:

enable-ssh-support
pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
default-cache-ttl 60
max-cache-ttl 120

My local .ssh/config:

Host server.com
  HostName server.com
  ForwardAgent yes
  User user
  # RemoteForward /run/user/1000/gnupg/S.gpg-agent /Users/pedrocavaleiro/.gnupg/S.gpg-agent.extra
  RemoteForward /run/user/1000/gnupg/S.gpg-agent /Users/pedrocavaleiro/.gnupg/S.gpg-agent
  RemoteForward /run/user/1000/gnupg/S.gpg-agent.ssh /Users/pedrocavaleiro/.gnupg/S.gpg-agent.ssh

In this case I'm not using S.gpg-agent.extra because it locks some functionality (and yes, I'm aware of the implications).

On the remote machine, in the /etc/ssh/sshd_config file, I do have the StreamLocalBindUnlink yes line.

I'm able to run gpg --card-status and it returns my Yubico key.

This question is also on ServerFault: Yubico forward over ssh

As for versions, they are the following:

  • macOS (Local Machine)
    macOS 12.4 (21F79)
    ssh: OpenSSH_8.6p1, LibreSSL 3.3.6
    gpg (GnuPG/MacGPG2) 2.2.34
    libgcrypt 1.8.9
  • Ubuntu Server (Remote Machine)
    Ubuntu 22.04 LTS
    Kernel: 5.15.0-40-generic
    ssh: OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
    gpg (GnuPG) 2.2.27
    libgcrypt 1.9.4

PedroCavaleiro, Jul 20 '22 15:07
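The post's setup rests on two config files: the remote sshd_config must carry StreamLocalBindUnlink yes so a stale forwarded socket can be replaced on the next login, and the local .ssh/config decides which gpg-agent socket the remote host is handed. The script below is an added example, not code from the issue or from the YubiKey-Guide project; it lints constructed copies of both files (placeholder host names and paths, mirroring the layout of the post), confirms the StreamLocalBindUnlink setting, lists the active RemoteForward lines per Host block, and flags the two choices that widen exposure: forwarding the unrestricted S.gpg-agent socket instead of S.gpg-agent.extra, and ForwardAgent yes, which lets root on the remote host use the forwarded SSH agent for as long as the session is up.

```shell
#!/bin/sh
# Added example (not part of the original issue). Lints the sshd_config and
# ssh client config a gpg-agent socket forward depends on. All inputs below
# are constructed samples written to a temp dir so the script runs offline.

DEMO_DIR=$(mktemp -d)

# Constructed sample: excerpt of the remote /etc/ssh/sshd_config.
cat > "$DEMO_DIR/sshd_config" <<'EOF'
# constructed sshd_config excerpt
PasswordAuthentication no
StreamLocalBindUnlink yes
EOF

# Constructed sample: local ~/.ssh/config with placeholder hosts and paths.
cat > "$DEMO_DIR/ssh_config" <<'EOF'
Host server.example
  HostName server.example
  ForwardAgent yes
  User user
  # RemoteForward /run/user/1000/gnupg/S.gpg-agent /home/me/.gnupg/S.gpg-agent.extra
  RemoteForward /run/user/1000/gnupg/S.gpg-agent /home/me/.gnupg/S.gpg-agent
  RemoteForward /run/user/1000/gnupg/S.gpg-agent.ssh /home/me/.gnupg/S.gpg-agent.ssh

Host other.example
  RemoteForward /run/user/1000/gnupg/S.gpg-agent /home/me/.gnupg/S.gpg-agent.extra
EOF

# Succeeds when an uncommented "StreamLocalBindUnlink yes" is present. Without
# it, sshd refuses to bind over a socket file left behind by an earlier session.
sshd_unlinks_stale_sockets() {
  grep -Eiq '^[[:space:]]*StreamLocalBindUnlink[[:space:]]+yes' "$1"
}

# Print "<remote-socket> <local-socket>" for every active (uncommented)
# RemoteForward inside the Host block named by $2 in the config file $1.
remote_forwards_for_host() {
  awk -v want="$2" '
    /^[[:space:]]*#/ { next }
    tolower($1) == "host" { inblock = ($2 == want); next }
    inblock && tolower($1) == "remoteforward" { print $2, $3 }
  ' "$1"
}

# Count forwards whose local side is the unrestricted S.gpg-agent socket
# (not S.gpg-agent.extra or S.gpg-agent.ssh); that socket allows key
# management, not just signing/decryption, from the remote end.
unrestricted_forward_count() {
  remote_forwards_for_host "$1" "$2" | awk '$2 ~ /S\.gpg-agent$/ { n++ } END { print n + 0 }'
}

# Succeeds when the Host block named by $2 sets ForwardAgent yes.
host_forwards_ssh_agent() {
  awk -v want="$2" '
    /^[[:space:]]*#/ { next }
    tolower($1) == "host" { inblock = ($2 == want); next }
    inblock && tolower($1) == "forwardagent" && tolower($2) == "yes" { found = 1 }
    END { exit !found }
  ' "$1"
}

# Human-readable report for one Host block.
report() {
  conf=$1; sshd=$2; host=$3
  if sshd_unlinks_stale_sockets "$sshd"; then
    echo "ok:   sshd_config has StreamLocalBindUnlink yes"
  else
    echo "warn: sshd_config lacks StreamLocalBindUnlink yes; a stale socket will block the next forward"
  fi
  echo "info: active forwards for $host:"
  remote_forwards_for_host "$conf" "$host" | sed 's/^/      /'
  n=$(unrestricted_forward_count "$conf" "$host")
  if [ "$n" -gt 0 ]; then
    echo "warn: $host forwards the unrestricted S.gpg-agent socket ($n line(s)); S.gpg-agent.extra limits what the remote side can do"
  fi
  if host_forwards_ssh_agent "$conf" "$host"; then
    echo "warn: $host sets ForwardAgent yes; remote root can use the SSH agent while the session is open"
  fi
  return 0
}

cleanup_demo() { rm -rf "$DEMO_DIR"; }

report "$DEMO_DIR/ssh_config" "$DEMO_DIR/sshd_config" server.example
```

Run it as-is to see the report for the constructed server.example block; point `report` at real files (your own ~/.ssh/config and a copy of the remote sshd_config) to lint a live setup. The checks are deliberately conservative: a forward of S.gpg-agent.extra or S.gpg-agent.ssh is not flagged, only the full agent socket and ForwardAgent.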