Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

yubikey-agent -setup fails with error about default #129

Closed
AriESQ opened this issue May 19, 2022 · 1 comment
Closed

yubikey-agent -setup fails with error about default #129

AriESQ opened this issue May 19, 2022 · 1 comment

Comments

@AriESQ
Copy link

AriESQ commented May 19, 2022
edited
Loading

I cannot do yubikey-agent -config even after trying to reset the yubikey. Sometimes the error is the default PIN did not work and sometimes the error is the default management key did not work.

Fresh out of package yubikey nano 5c. (Firmware 5.4.3)
macOS: 12.3.1 on M1 Apple Silicon
yubikey-agent 1.5 from homebrew


user@host:[/]$ printenv |grep sock
SSH_AUTH_SOCK=/opt/homebrew/var/run/yubikey-agent.sock

user@host:[/v]$ ls /opt/homebrew/var/run/
yubikey-agent.sock


user@:[/var/log]$ brew services info yubikey-agent
yubikey-agent (homebrew.mxcl.yubikey-agent)
Running: ✔
Loaded: ✔
Schedulable: ✘
User: user
PID: 12071

user@host:[/]$ ykman piv reset
WARNING! This will delete all stored PIV data and restore factory settings. Proceed? [y/N]: y
Resetting PIV data...
Success! All PIV data have been cleared from the YubiKey.
Your YubiKey now has the default PIN, PUK and Management Key:
        PIN:    123456
        PUK:    12345678
        Management Key: 010203040506070801020304050607080102030405060708


user@host:[/]$ yubikey-agent -setup
� The PIN is up to 8 numbers, letters, or symbols. Not just numbers!
❌ The key will be lost if the PIN and PUK are locked after 3 incorrect tries.

Choose a new PIN/PUK:
Repeat PIN/PUK:

� Reticulating splines...
‼️  The default PIN did not work

If you know what you're doing, reset PIN, PUK, and
Management Key to the defaults before retrying.

If you want to wipe all PIV keys and start fresh,
use --really-delete-all-piv-keys ⚠️


user@host:[/]$ yubikey-agent -setup --really-delete-all-piv-keys
Resetting YubiKey PIV applet...
� The PIN is up to 8 numbers, letters, or symbols. Not just numbers!
❌ The key will be lost if the PIN and PUK are locked after 3 incorrect tries.

Choose a new PIN/PUK:
Repeat PIN/PUK:

� Reticulating splines...
‼️  The default PIN did not work

If you know what you're doing, reset PIN, PUK, and
Management Key to the defaults before retrying.

If you want to wipe all PIV keys and start fresh,
use --really-delete-all-piv-keys ⚠️
@hynek
Copy link

hynek commented Aug 21, 2022

While the lack of response is concerning, I have just solved the same problem with this #78 (comment)

TL;DR: the PIN must be at least 6 chars; maybe you have to use yubikey-agent --really-delete-all-piv-keys -setup

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hynek @AriESQ