Smart card issues on F22
David Timothy Strauss
david at davidstrauss.net
Tue Jun 9 00:53:51 UTC 2015
Setting up my YubiKey Neo to use PKCS #11/PIV/CCID features for SSH used to
work fine, at least on Fedora 20 and 21. Now, with Fedora 22, it cannot
ever find the device. I know the device is configured properly because it
still works properly on an F21 box I have.
I suspect the issue may be the libinput switch or the move to have PCSC
daemon be socket-activated (I think both changes happened between F21 and
F22).
Here is what I see from "sudo journalctl -fa" output when I insert it into
an F22 machine with PCSC installed:
Jun 08 17:42:53 titan.davidstrauss.net kernel: usb 1-1.1: new full-speed
USB device number 13 using xhci_hcd
Jun 08 17:42:53 titan.davidstrauss.net kernel: usb 1-1.1: New USB device
found, idVendor=1050, idProduct=0116
Jun 08 17:42:53 titan.davidstrauss.net kernel: usb 1-1.1: New USB device
strings: Mfr=1, Product=2, SerialNumber=0
Jun 08 17:42:53 titan.davidstrauss.net kernel: usb 1-1.1: Product: Yubikey
NEO OTP+U2F+CCID
Jun 08 17:42:53 titan.davidstrauss.net kernel: usb 1-1.1: Manufacturer:
Yubico
Jun 08 17:42:53 titan.davidstrauss.net kernel: usb 1-1.1: ep 0x81 -
rounding interval to 64 microframes, ep desc says 80 microframes
Jun 08 17:42:53 titan.davidstrauss.net kernel: input: Yubico Yubikey NEO
OTP+U2F+CCID as
/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1.1/1-1.1:1.0/0003:1050:0116.0006/input/input22
Jun 08 17:42:53 titan.davidstrauss.net kernel: hid-generic
0003:1050:0116.0006: input,hidraw0: USB HID v1.10 Keyboard [Yubico Yubikey
NEO OTP+U2F+CCID] on usb-0000:00:14.0-1.1/input0
Jun 08 17:42:53 titan.davidstrauss.net kernel: hid-generic
0003:1050:0116.0007: hiddev0,hidraw1: USB HID v1.10 Device [Yubico Yubikey
NEO OTP+U2F+CCID] on usb-0000:00:14.0-1.1/input1
Jun 08 17:42:53 titan.davidstrauss.net mtp-probe[3497]: checking bus 1,
device 13: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1.1"
Jun 08 17:42:53 titan.davidstrauss.net mtp-probe[3497]: bus: 1, device: 13
was not an MTP device
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(II) config/udev: Adding input device Yubico Yubikey NEO OTP+U2F+CCID
(/dev/input/event6)
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(**) Yubico Yubikey NEO OTP+U2F+CCID: Applying InputClass "evdev keyboard
catchall"
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(**) Yubico Yubikey NEO OTP+U2F+CCID: Applying InputClass "libinput
keyboard catchall"
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(**) Yubico Yubikey NEO OTP+U2F+CCID: Applying InputClass "system-keyboard"
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(II) systemd-logind: got fd for /dev/input/event6 13:70 fd 33 paused 0
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(II) Using input driver 'libinput' for 'Yubico Yubikey NEO OTP+U2F+CCID'
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(**) Yubico Yubikey NEO OTP+U2F+CCID: always reports core events
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(**) Option "Device" "/dev/input/event6"
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(II) input device 'Yubico Yubikey NEO OTP+U2F+CCID', /dev/input/event6 is
tagged by udev as: Keyboard
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(II) input device 'Yubico Yubikey NEO OTP+U2F+CCID', /dev/input/event6 is a
keyboard
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(**) Option "config_info"
"udev:/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1.1/1-1.1:1.0/0003:1050:0116.0006/input/input22/event6"
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(II) XINPUT: Adding extended input device "Yubico Yubikey NEO OTP+U2F+CCID"
(type: KEYBOARD, id 9)
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(**) Option "xkb_layout" "us"
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(II) input device 'Yubico Yubikey NEO OTP+U2F+CCID', /dev/input/event6 is
tagged by udev as: Keyboard
Jun 08 17:42:53 titan.davidstrauss.net /usr/libexec/gdm-x-session[2121]:
(II) input device 'Yubico Yubikey NEO OTP+U2F+CCID', /dev/input/event6 is a
keyboard
Here is what happens when I insert it into an F21 machine with PCSC where
it works:
Jun 08 17:47:28 localhost.localdomain kernel: usb 1-14: new full-speed USB
device number 41 using xhci_hcd
Jun 08 17:47:29 localhost.localdomain kernel: usb 1-14: New USB device
found, idVendor=1050, idProduct=0116
Jun 08 17:47:29 localhost.localdomain kernel: usb 1-14: New USB device
strings: Mfr=1, Product=2, SerialNumber=0
Jun 08 17:47:29 localhost.localdomain kernel: usb 1-14: Product: Yubikey
NEO OTP+U2F+CCID
Jun 08 17:47:29 localhost.localdomain kernel: usb 1-14: Manufacturer: Yubico
Jun 08 17:47:29 localhost.localdomain kernel: usb 1-14: ep 0x81 - rounding
interval to 64 microframes, ep desc says 80 microframes
Jun 08 17:47:29 localhost.localdomain kernel: input: Yubico Yubikey NEO
OTP+U2F+CCID as
/devices/pci0000:00/0000:00:14.0/usb1/1-14/1-14:1.0/0003:1050:0116.002F/input/input40
Jun 08 17:47:29 localhost.localdomain kernel: hid-generic
0003:1050:0116.002F: input,hidraw2: USB HID v1.10 Keyboard [Yubico Yubikey
NEO OTP+U2F+CCID] on usb-0000:00:14.0-14/input0
Jun 08 17:47:29 localhost.localdomain kernel: hid-generic
0003:1050:0116.0030: hiddev0,hidraw3: USB HID v1.10 Device [Yubico Yubikey
NEO OTP+U2F+CCID] on usb-0000:00:14.0-14/input1
Jun 08 17:47:29 localhost.localdomain mtp-probe[1612]: checking bus 1,
device 41: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-14"
Jun 08 17:47:29 localhost.localdomain mtp-probe[1612]: bus: 1, device: 41
was not an MTP device
Jun 08 17:47:29 localhost.localdomain pcscd[15961]: 07073649
ifdhandler.c:130:CreateChannelByNameOrChannel() failed
Jun 08 17:47:29 localhost.localdomain pcscd[15961]: 00000017
readerfactory.c:1043:RFInitializeReader() Open Port 0x200000 Failed
(usb:1050/0116:libudev:0:/dev/bus/usb/001/041)
Jun 08 17:47:29 localhost.localdomain pcscd[15961]: 00000003
readerfactory.c:335:RFAddReader() Yubico Yubikey NEO OTP+U2F+CCID init
failed.
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (II) config/udev:
Adding input device Yubico Yubikey NEO OTP+U2F+CCID (/dev/input/event14)
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (**) Yubico
Yubikey NEO OTP+U2F+CCID: Applying InputClass "evdev keyboard catchall"
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (**) Yubico
Yubikey NEO OTP+U2F+CCID: Applying InputClass "system-keyboard"
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (II) Using input
driver 'evdev' for 'Yubico Yubikey NEO OTP+U2F+CCID'
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (**) Yubico
Yubikey NEO OTP+U2F+CCID: always reports core events
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (**) evdev: Yubico
Yubikey NEO OTP+U2F+CCID: Device: "/dev/input/event14"
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (--) evdev: Yubico
Yubikey NEO OTP+U2F+CCID: Vendor 0x1050 Product 0x116
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (--) evdev: Yubico
Yubikey NEO OTP+U2F+CCID: Found keys
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (II) evdev: Yubico
Yubikey NEO OTP+U2F+CCID: Configuring as keyboard
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (**) Option
"config_info"
"udev:/sys/devices/pci0000:00/0000:00:14.0/usb1/1-14/1-14:1.0/0003:1050:0116.002F/input/input40/event14"
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (II) XINPUT:
Adding extended input device "Yubico Yubikey NEO OTP+U2F+CCID" (type:
KEYBOARD, id 11)
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (**) Option
"xkb_rules" "evdev"
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (**) Option
"xkb_model" "pc104"
Jun 08 17:47:29 localhost.localdomain gdm-Xorg-:0[1281]: (**) Option
"xkb_layout" "us"
Jun 08 17:47:29 localhost.localdomain pcscd[15961]: 00003773
ifdhandler.c:130:CreateChannelByNameOrChannel() failed
Jun 08 17:47:29 localhost.localdomain pcscd[15961]: 00000010
readerfactory.c:1043:RFInitializeReader() Open Port 0x200001 Failed
(usb:1050/0116:libudev:1:/dev/bus/usb/001/041)
Jun 08 17:47:29 localhost.localdomain pcscd[15961]: 00000002
readerfactory.c:335:RFAddReader() Yubico Yubikey NEO OTP+U2F+CCID init
failed.
I think the "failed" at the end of the second set of log entries is because
I've changed the PIN, stopping fully automatic initialization. At SSH
connection time, it asks for the PIN and then works.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20150609/37278559/attachment.html>
More information about the users
mailing list