gpg-agent unable to see yubikey until manually re-running `gpg --card-status`

Simon Josefsson simon at josefsson.org
Mon Jun 29 10:23:24 CEST 2015


"Lance R. Vick" <lance at lrvick.net> writes:

> I only ever tried this on 2.0.0 as far as older versions go, and that was
> similarly broken. I didn't bother documenting as I saw there were some
> smartcard updates in 2.1.4 so I upgraded.
>
> Just now had another variation (on 2.1.4):
>
> 1. start gpg-agent
> 2. populate SSH_AUTH_SOCK
> 3. ssh successfully
> 4. remove yubikey
> 5. insert yubikey
> 6. attempt to ssh -> "Permission Denied (Publickey)"
> 7. `gpg --card status` -> "no card present"
> 8. `gpg --card status` (again) -> Got usual card output
> 9. ssh successfully again

What mode is your YubiKey NEO in?  If it is in the OTP/CCID combo mode,
and you touch it, it will eject the CCID interface, issue an OTP, and
then re-insert itself to CCID after a small timeout.  Just an idea.

Can you always reproduce the above, or is it timing dependent?  Does the
problem occur if you wait 20 seconds before doing every step?

Being able to reproduce this on someone else's system would be a good
step towards fixing it.

/Simon

>
> On Thu, Jun 18, 2015 at 1:32 AM, Werner Koch <wk at gnupg.org> wrote:
>
>> On Wed, 17 Jun 2015 18:17, simon at josefsson.org said:
>>
>> > I've seen the error many times, also when I used a g10code smartcard,
>> > but lately things have been smooth.  I think there have been a couple of
>>
>> Old versions of GnuPG assumed that there is a card reader which can tell
>> you whether a card has been removed or inserted.  However USB tokens are
>> different in that you insert/remove the entire reader.  gniibe fixed
>> these problems some time ago.
>>
>>
>> Salam-Shalom,
>>
>>    Werner
>>
>> --
>> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>>
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 472 bytes
Desc: not available
URL: </pipermail/attachments/20150629/f291a3fb/attachment.sig>


More information about the Gnupg-users mailing list