You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ssh-add -s /usr/local/lib/opensc-pkcs11-local.so
Enter passphrase for PKCS#11:
Could not add card "/usr/local/lib/opensc-pkcs11-local.so": agent refused operation
Error: Could not add card "/usr/local/lib/opensc-pkcs11-local.so": agent refused operation
ssh -V
OpenSSH_9.4p1, LibreSSL 3.3.6
I tried to debugged and below are the debug logs:
ssh-agent -d -a /tmp/agent.socket
SSH_AUTH_SOCK=/tmp/agent.socket; export SSH_AUTH_SOCK;
echo Agent pid 3476;
debug1: new_socket: type = SOCKET
debug2: fd 3 setting O_NONBLOCK
debug1: new_socket: type = CONNECTION
debug3: fd 4 is O_NONBLOCK
debug1: process_message: socket 1 (fd=4) type 20
debug2: process_add_smartcard_key: entering
debug1: process_add_smartcard_key: add /usr/local/lib/opensc-pkcs11-local.so
debug3: pkcs11_start_helper: start helper for /usr/local/lib/opensc-pkcs11-local.so
debug3: pkcs11_start_helper: helper 0 for "/usr/local/lib/opensc-pkcs11-local.so" on fd 5 pid 3497
debug1: pkcs11_start_helper: starting /usr/libexec/ssh-pkcs11-helper -vvv
debug1: process_add
debug1: provider /usr/local/lib/opensc-pkcs11-local.so: manufacturerID cryptokiVersion 2.20 libraryDescription libraryVersion 0.24
debug1: provider /usr/local/lib/opensc-pkcs11-local.so slot 0: label <YK-20206044-9a-202211030838-P...> manufacturerID <piv_II> model <PKCS#15 emulated> serial <5fda01d983250312> flags 0x4040d
C_Login failed: 164
debug1: pkcs11_provider_finalize: provider "/usr/local/lib/opensc-pkcs11-local.so" refcount 1 valid 1
debug1: pkcs11_provider_unref: provider "/usr/local/lib/opensc-pkcs11-local.so" refcount 1
debug1: pkcs11_add_provider: provider /usr/local/lib/opensc-pkcs11-local.so returned no keys
Has my account locked? As I don't see any solution to this issue anywhere. Below are some options I tried,
Have physically removed the keys and reinserted and restarted Mac
Have reinstalled Opensc
The text was updated successfully, but these errors were encountered:
The error 164 is CKR_PIN_LOCKED, which means you did try too many login attempts to the card (sounds like a yubikey) and the PIN was locked as a security measure. It can be unlocked with yubico-piv-tool with a PUK:
Steps to reproduce:
ssh-add -s /usr/local/lib/opensc-pkcs11-local.so
Enter passphrase for PKCS#11:
Could not add card "/usr/local/lib/opensc-pkcs11-local.so": agent refused operation
Error: Could not add card "/usr/local/lib/opensc-pkcs11-local.so": agent refused operation
ssh -V
OpenSSH_9.4p1, LibreSSL 3.3.6
I tried to debugged and below are the debug logs:
ssh-agent -d -a /tmp/agent.socket
SSH_AUTH_SOCK=/tmp/agent.socket; export SSH_AUTH_SOCK;
echo Agent pid 3476;
debug1: new_socket: type = SOCKET
debug2: fd 3 setting O_NONBLOCK
debug1: new_socket: type = CONNECTION
debug3: fd 4 is O_NONBLOCK
debug1: process_message: socket 1 (fd=4) type 20
debug2: process_add_smartcard_key: entering
debug1: process_add_smartcard_key: add /usr/local/lib/opensc-pkcs11-local.so
debug3: pkcs11_start_helper: start helper for /usr/local/lib/opensc-pkcs11-local.so
debug3: pkcs11_start_helper: helper 0 for "/usr/local/lib/opensc-pkcs11-local.so" on fd 5 pid 3497
debug1: pkcs11_start_helper: starting /usr/libexec/ssh-pkcs11-helper -vvv
debug1: process_add
debug1: provider /usr/local/lib/opensc-pkcs11-local.so: manufacturerID cryptokiVersion 2.20 libraryDescription libraryVersion 0.24
debug1: provider /usr/local/lib/opensc-pkcs11-local.so slot 0: label <YK-20206044-9a-202211030838-P...> manufacturerID <piv_II> model <PKCS#15 emulated> serial <5fda01d983250312> flags 0x4040d
C_Login failed: 164
debug1: pkcs11_provider_finalize: provider "/usr/local/lib/opensc-pkcs11-local.so" refcount 1 valid 1
debug1: pkcs11_provider_unref: provider "/usr/local/lib/opensc-pkcs11-local.so" refcount 1
debug1: pkcs11_add_provider: provider /usr/local/lib/opensc-pkcs11-local.so returned no keys
Has my account locked? As I don't see any solution to this issue anywhere. Below are some options I tried,
Have physically removed the keys and reinserted and restarted Mac
Have reinstalled Opensc
The text was updated successfully, but these errors were encountered: