ykman oath returns 'Failed connecting to the YubiKey'

[jgunthorpe]

Killing gpg's scdaemon seems to restore functionality:

$ ykman oath list
Usage: ykman [OPTIONS] COMMAND [ARGS]...

Error: Failed connecting to the YubiKey.
$ killall scdaemon
$ ykman oath  ist
test

I'm not sure exactly what triggers the failure, but often after signing something using gpg and an OpenPGP key stored in the yubikey, ykman begins to fail again.

This is on a Ubuntu Xenial system (gpg2 2.1.11) with a YubiKey 4 (FW 4.3.7)

When things are working running 'oath list' causes scdaemon to exit with SIGKILL:

read(6, "Yubico Yubikey 4 OTP+U2F+CCID 00"..., 2944) = 2944
pselect6(4, [3], NULL, NULL, {0, 500000000}, {[], 8}) = 0 (Timeout)
select(7, NULL, [6], NULL, NULL)        = 1 (out [6])
sendto(6, "\0\0\0\0\22\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
select(7, [6], NULL, NULL, NULL)        = 1 (in [6])
read(6, "Yubico Yubikey 4 OTP+U2F+CCID 00"..., 2944) = 2944
pselect6(4, [3], NULL, NULL, {0, 500000000}, {[], 8} <unfinished ...>
+++ killed by SIGKILL +++

When things are not working strace says scdaemon is looping doing this:

pselect6(4, [3], NULL, NULL, {0, 500000000}, {[], 8}) = 0 (Timeout)
ioctl(6, USBDEVFS_SUBMITURB, 0x7ffe2786e010) = 0
ioctl(6, USBDEVFS_REAPURBNDELAY, 0x7ffe2786dfd8) = 0
ioctl(6, USBDEVFS_SUBMITURB, 0x7ffe2786dfe0) = 0
ioctl(6, USBDEVFS_REAPURBNDELAY, 0x7ffe2786dfa8) = 0
pselect6(4, [3], NULL, NULL, {0, 500000000}, {[], 8}) = 0 (Timeout)
ioctl(6, USBDEVFS_SUBMITURB, 0x7ffe2786e010) = 0
ioctl(6, USBDEVFS_REAPURBNDELAY, 0x7ffe2786dfd8) = 0
ioctl(6, USBDEVFS_SUBMITURB, 0x7ffe2786dfe0) = 0
ioctl(6, USBDEVFS_REAPURBNDELAY, 0x7ffe2786dfa8) = 0
pselect6(4, [3], NULL, NULL, {0, 500000000}, {[], 8}) = 0 (Timeout)
ioctl(6, USBDEVFS_SUBMITURB, 0x7ffe2786e010) = 0
ioctl(6, USBDEVFS_REAPURBNDELAY, 0x7ffe2786dfd8) = -1 EAGAIN (Resource temporarily unavailable)
select(7, NULL, [6], NULL, {0, 1000})   = 1 (out [6], left {0, 999})
ioctl(6, USBDEVFS_REAPURBNDELAY, 0x7ffe2786dfd8) = 0
ioctl(6, USBDEVFS_SUBMITURB, 0x7ffe2786dfe0) = 0
ioctl(6, USBDEVFS_REAPURBNDELAY, 0x7ffe2786dfa8) = -1 EAGAIN (Resource temporarily unavailable)
select(7, NULL, [6], NULL, {0, 1000})   = 1 (out [6], left {0, 999})

Even when things are working it is kind of useless because requesting a TOPT value causes scdaemon to exit and then requires pin re-entry on the gpg2 side..

Can't ykman access the yubikey without disrupting scdaemon?

[dagheyman]

Thanks for the report!

When it fails, could you try $ ykman --log-level DEBUG oath list to see if it gives any more hints?

Can't ykman access the yubikey without disrupting scdaemon?

Unfortunately not, since scdaemon opens the smart card in exclusive mode.

[jgunthorpe]

$ ykman --log-level=DEBUG oath list
2018-01-02T07:58:48-0700 DEBUG [ykman.descriptor.Descriptor.open_device:86] transports: 0x4, self.mode.transports: 0x7
2018-01-02T07:58:48-0700 DEBUG [ykman.descriptor.open_driver:141] Opening driver for serial: None, pid: PID.YK4_OTP_U2F_CCID
2018-01-02T07:58:48-0700 DEBUG [ykman.descriptor.open_driver:143] Attempt 1 of 3
2018-01-02T07:58:48-0700 DEBUG [ykman.descriptor.open_driver:161] Sleeping for 0.100000 s
2018-01-02T07:58:48-0700 DEBUG [ykman.descriptor.open_driver:143] Attempt 2 of 3
2018-01-02T07:58:48-0700 DEBUG [ykman.descriptor.open_driver:161] Sleeping for 0.200000 s
2018-01-02T07:58:49-0700 DEBUG [ykman.descriptor.open_driver:143] Attempt 3 of 3
2018-01-02T07:58:49-0700 DEBUG [ykman.descriptor.open_driver:161] Sleeping for 0.300000 s
2018-01-02T07:58:49-0700 DEBUG [ykman.descriptor.open_driver:163] No driver found for serial: None, pid: PID.YK4_OTP_U2F_CCID
Usage: ykman [OPTIONS] COMMAND [ARGS]...

Error: Failed connecting to the YubiKey.

[blabno]

I'm getting the same error, except for openpgp:

ykman -l DEBUG openpgp info
2019-03-21T06:41:26+0100 INFO [ykman.logging_setup.setup:59] Initialized logging for ykman version: 2.1.0
2019-03-21T06:41:26+0100 DEBUG [ykman.descriptor.Descriptor.open_device:75] transports: 0x4, self.mode.transports: 0x7
2019-03-21T06:41:26+0100 DEBUG [ykman.descriptor.open_device:80] Opening driver for serial: None, type: YUBIKEY.YK4, mode: OTP+FIDO+CCID
2019-03-21T06:41:26+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 1 of 10
2019-03-21T06:41:26+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 0.100000 s
2019-03-21T06:41:26+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 2 of 10
2019-03-21T06:41:26+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 0.200000 s
2019-03-21T06:41:26+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 3 of 10
2019-03-21T06:41:26+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 0.300000 s
2019-03-21T06:41:27+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 4 of 10
2019-03-21T06:41:27+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 0.400000 s
2019-03-21T06:41:27+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 5 of 10
2019-03-21T06:41:27+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 0.500000 s
2019-03-21T06:41:27+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 6 of 10
2019-03-21T06:41:27+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 0.600000 s
2019-03-21T06:41:28+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 7 of 10
2019-03-21T06:41:28+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 0.700000 s
2019-03-21T06:41:29+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 8 of 10
2019-03-21T06:41:29+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 0.800000 s
2019-03-21T06:41:30+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 9 of 10
2019-03-21T06:41:30+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 0.900000 s
2019-03-21T06:41:30+0100 DEBUG [ykman.descriptor.open_device:82] Attempt 10 of 10
2019-03-21T06:41:30+0100 DEBUG [ykman.descriptor.open_device:101] Sleeping for 1.000000 s
2019-03-21T06:41:31+0100 DEBUG [ykman.descriptor.open_device:103] No matching device found
Usage: ykman [OPTIONS] COMMAND [ARGS]...

Error: Failed connecting to the YubiKey.

ykman list
YubiKey 5 NFC [OTP+FIDO+CCID] Serial: 9724385

ykman info
Device type: YubiKey 5 NFC
Serial number: 9724385
Firmware version: 5.1.2
Form factor: Keychain (USB-A)
Enabled USB interfaces: OTP+FIDO+CCID
NFC interface is enabled.

Applications USB NFC
OTP Enabled Enabled
FIDO U2F Enabled Enabled
OpenPGP Enabled Enabled
PIV Enabled Enabled
OATH Enabled Enabled
FIDO2 Enabled Enabled

In general them key works. I just can't setup touch policy.

[blabno]

If I specifice device serial, then I get a bit different error:

ykman --device 9724385 -l DEBUG openpgp touch aut on
2019-03-21T06:47:56+0100 INFO [ykman.logging_setup.setup:59] Initialized logging for ykman version: 2.1.0
2019-03-21T06:47:56+0100 DEBUG [ykman.descriptor._open_driver:159] Opening driver for transports: TRANSPORT.CCID, serial: 9724385, key_type: None, mode: None
2019-03-21T06:47:56+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 1 of 10
2019-03-21T06:47:56+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 0.100000 s
2019-03-21T06:47:56+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:47:56+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 2 of 10
2019-03-21T06:47:56+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 0.200000 s
2019-03-21T06:47:57+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:47:57+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 3 of 10
2019-03-21T06:47:57+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 0.300000 s
2019-03-21T06:47:57+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:47:57+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 4 of 10
2019-03-21T06:47:57+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 0.400000 s
2019-03-21T06:47:57+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:47:57+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 5 of 10
2019-03-21T06:47:57+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 0.500000 s
2019-03-21T06:47:58+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:47:58+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 6 of 10
2019-03-21T06:47:58+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 0.600000 s
2019-03-21T06:47:58+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:47:58+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 7 of 10
2019-03-21T06:47:58+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 0.700000 s
2019-03-21T06:47:59+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:47:59+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 8 of 10
2019-03-21T06:47:59+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 0.800000 s
2019-03-21T06:48:00+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:48:00+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 9 of 10
2019-03-21T06:48:00+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 0.900000 s
2019-03-21T06:48:01+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:48:01+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 10 of 10
2019-03-21T06:48:01+0100 DEBUG [ykman.descriptor._open_driver:184] Sleeping for 1.000000 s
2019-03-21T06:48:02+0100 DEBUG [ykman.descriptor._open_driver:187] No driver found for serial: 9724385, key_type: None, mode: None
2019-03-21T06:48:02+0100 DEBUG [ykman.descriptor._open_driver:159] Opening driver for transports: 7, serial: 9724385, key_type: None, mode: None
2019-03-21T06:48:02+0100 DEBUG [ykman.descriptor._open_driver:161] Attempt 1 of 10
2019-03-21T06:48:02+0100 DEBUG [ykman.driver_otp.open_devices:224] Success in opening key at position 0
2019-03-21T06:48:02+0100 DEBUG [ykman.device.init:198] Read config from device...
2019-03-21T06:48:02+0100 DEBUG [ykman.device.init:200] Success!
2019-03-21T06:48:02+0100 DEBUG [ykman.device.init:290] Identified YubiKey 5
2019-03-21T06:48:02+0100 DEBUG [ykman.descriptor._open_driver:166] Found driver: <ykman.driver_otp.OTPDriver object at 0x7f6fc8714a20> serial: 9724385, key_type: YUBIKEY.YK4, mode: OTP+FIDO+CCID
2019-03-21T06:48:02+0100 DEBUG [ykman.device.init:198] Read config from device...
2019-03-21T06:48:02+0100 DEBUG [ykman.device.init:200] Success!
2019-03-21T06:48:02+0100 DEBUG [ykman.device.init:290] Identified YubiKey 5
2019-03-21T06:48:02+0100 DEBUG [ykman.driver_otp.del:208] Destroy <ykman.driver_otp.OTPDriver object at 0x7f6fc8714a20>
2019-03-21T06:48:02+0100 DEBUG [ykman.driver_otp.close:203] Close <ykman.driver_otp.OTPDriver object at 0x7f6fc8714a20>
Traceback (most recent call last):
File "/home/bernard/.local/bin/ykman", line 11, in
load_entry_point('yubikey-manager==2.1.0', 'console_scripts', 'ykman')()
File "/home/bernard/.local/lib64/python3.6/site-packages/ykman/cli/main.py", line 253, in main
cli(obj={})
File "/home/bernard/.local/lib64/python3.6/site-packages/click/core.py", line 722, in call
return self.main(*args, **kwargs)
File "/home/bernard/.local/lib64/python3.6/site-packages/click/core.py", line 697, in main
rv = self.invoke(ctx)
File "/home/bernard/.local/lib64/python3.6/site-packages/click/core.py", line 1066, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/bernard/.local/lib64/python3.6/site-packages/click/core.py", line 1066, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/bernard/.local/lib64/python3.6/site-packages/click/core.py", line 895, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/home/bernard/.local/lib64/python3.6/site-packages/click/core.py", line 535, in invoke
return callback(*args, **kwargs)
File "/home/bernard/.local/lib64/python3.6/site-packages/click/decorators.py", line 17, in new_func
return f(get_current_context(), *args, **kwargs)
File "/home/bernard/.local/lib64/python3.6/site-packages/ykman/cli/opgp.py", line 173, in touch
controller = ctx.obj['controller']
File "/home/bernard/.local/lib64/python3.6/site-packages/ykman/cli/util.py", line 106, in getitem
self.resolve()
File "/home/bernard/.local/lib64/python3.6/site-packages/ykman/cli/util.py", line 103, in resolve
self._objects[k] = f()
File "/home/bernard/.local/lib64/python3.6/site-packages/ykman/cli/main.py", line 189, in resolve_device
ctx.call_on_close(dev.close)
AttributeError: 'NoneType' object has no attribute 'close'

[blabno]

I've managed to set touch policy with https://github.com/a-dma/yubitouch

[timkeeler]

If I specifice device serial, then I get a bit different error:

ykman --device 9724385 -l DEBUG openpgp touch aut on

I'm also having this same issue on Alpine Linux. Happy to assist with the troubleshooting:

> ykman -l DEBUG openpgp info
2019-09-01T22:11:30+0000 INFO [ykman.logging_setup.setup:59] Initialized logging for ykman version: 3.1.0
2019-09-01T22:11:30+0000 DEBUG [ykman.descriptor.Descriptor.open_device:85] transports: 0x4, self.mode.transports: 0x7
2019-09-01T22:11:30+0000 DEBUG [ykman.descriptor.open_device:90] Opening driver for serial: None, type: YUBIKEY.YK4, mode: OTP+FIDO+CCID
2019-09-01T22:11:30+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 1 of 10
2019-09-01T22:11:30+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 0.100000 s
2019-09-01T22:11:30+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 2 of 10
2019-09-01T22:11:30+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 0.200000 s
2019-09-01T22:11:30+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 3 of 10
2019-09-01T22:11:30+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 0.300000 s
2019-09-01T22:11:31+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 4 of 10
2019-09-01T22:11:31+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 0.400000 s
2019-09-01T22:11:31+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 5 of 10
2019-09-01T22:11:31+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 0.500000 s
2019-09-01T22:11:31+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 6 of 10
2019-09-01T22:11:31+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 0.600000 s
2019-09-01T22:11:32+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 7 of 10
2019-09-01T22:11:32+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 0.700000 s
2019-09-01T22:11:33+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 8 of 10
2019-09-01T22:11:33+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 0.800000 s
2019-09-01T22:11:34+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 9 of 10
2019-09-01T22:11:34+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 0.900000 s
2019-09-01T22:11:34+0000 DEBUG [ykman.descriptor.open_device:92] Attempt 10 of 10
2019-09-01T22:11:34+0000 DEBUG [ykman.descriptor.open_device:111] Sleeping for 1.000000 s
2019-09-01T22:11:35+0000 DEBUG [ykman.descriptor.open_device:113] No matching device found
Usage: ykman [OPTIONS] COMMAND [ARGS]...
Try "ykman -h" for help.

Error: Failed connecting to YubiKey 5 [OTP+FIDO+CCID]

> ykman -l DEBUG --device 08623144 openpgp info
2019-09-01T22:12:08+0000 INFO [ykman.logging_setup.setup:59] Initialized logging for ykman version: 3.1.0
2019-09-01T22:12:08+0000 DEBUG [ykman.descriptor._open_driver:170] Opening driver for transports: TRANSPORT.CCID, serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:08+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 1 of 10
2019-09-01T22:12:08+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 0.100000 s
2019-09-01T22:12:08+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:08+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 2 of 10
2019-09-01T22:12:08+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 0.200000 s
2019-09-01T22:12:08+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:08+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 3 of 10
2019-09-01T22:12:08+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 0.300000 s
2019-09-01T22:12:09+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:09+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 4 of 10
2019-09-01T22:12:09+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 0.400000 s
2019-09-01T22:12:09+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:09+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 5 of 10
2019-09-01T22:12:09+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 0.500000 s
2019-09-01T22:12:09+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:09+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 6 of 10
2019-09-01T22:12:09+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 0.600000 s
2019-09-01T22:12:10+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:10+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 7 of 10
2019-09-01T22:12:10+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 0.700000 s
2019-09-01T22:12:11+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:11+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 8 of 10
2019-09-01T22:12:11+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 0.800000 s
2019-09-01T22:12:12+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:12+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 9 of 10
2019-09-01T22:12:12+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 0.900000 s
2019-09-01T22:12:12+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:12+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 10 of 10
2019-09-01T22:12:12+0000 DEBUG [ykman.descriptor._open_driver:195] Sleeping for 1.000000 s
2019-09-01T22:12:13+0000 DEBUG [ykman.descriptor._open_driver:198] No driver found for serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:13+0000 DEBUG [ykman.descriptor._open_driver:170] Opening driver for transports: 7, serial: 8623144, key_type: None, mode: None
2019-09-01T22:12:13+0000 DEBUG [ykman.descriptor._open_driver:172] Attempt 1 of 10
2019-09-01T22:12:18+0000 DEBUG [ykman.driver_otp.open_devices:222] Failed to open key at position 0
2019-09-01T22:12:18+0000 DEBUG [_pyu2f.hidtransport.InternalExchange:249] payload: [207, 34, 164, 39, 209, 130, 205, 220]
2019-09-01T22:12:18+0000 DEBUG [_pyu2f.hidtransport.InternalSendPacket:292] sending packet: [255, 255, 255, 255, 134, 0, 8, 207, 34, 164, 39, 209, 130, 205, 220, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
2019-09-01T22:12:18+0000 DEBUG [_pyu2f.hidtransport.InternalReadFrame:301] recv: [255, 255, 255, 255, 134, 0, 17, 207, 34, 164, 39, 209, 130, 205, 220, 0, 17, 0, 14, 2, 5, 1, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
2019-09-01T22:12:18+0000 DEBUG [ykman.device.__init__:198] Read config from device...
2019-09-01T22:12:18+0000 DEBUG [_pyu2f.hidtransport.InternalSendPacket:292] sending packet: [0, 17, 0, 14, 194, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
2019-09-01T22:12:18+0000 DEBUG [_pyu2f.hidtransport.InternalReadFrame:301] recv: [0, 17, 0, 14, 194, 0, 44, 43, 1, 2, 2, 63, 3, 2, 2, 63, 2, 4, 0, 131, 148, 40, 4, 1, 4, 5, 3, 5, 1, 0, 6, 2, 0, 0, 7, 1, 15, 8, 1, 0, 13, 2, 2, 63, 14, 2, 2, 43, 10, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
2019-09-01T22:12:18+0000 DEBUG [ykman.device.__init__:200] Success!
2019-09-01T22:12:18+0000 DEBUG [ykman.device.__init__:292] Identified YubiKey 5
2019-09-01T22:12:18+0000 DEBUG [ykman.descriptor._open_driver:177] Found driver: <ykman.driver_fido.FidoDriver object at 0x7f4f2cdec550> serial: 8623144, key_type: YUBIKEY.YK4, mode: OTP+FIDO+CCID
2019-09-01T22:12:18+0000 DEBUG [ykman.device.__init__:198] Read config from device...
2019-09-01T22:12:18+0000 DEBUG [_pyu2f.hidtransport.InternalSendPacket:292] sending packet: [0, 17, 0, 14, 194, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
2019-09-01T22:12:18+0000 DEBUG [_pyu2f.hidtransport.InternalReadFrame:301] recv: [0, 17, 0, 14, 194, 0, 44, 43, 1, 2, 2, 63, 3, 2, 2, 63, 2, 4, 0, 131, 148, 40, 4, 1, 4, 5, 3, 5, 1, 0, 6, 2, 0, 0, 7, 1, 15, 8, 1, 0, 13, 2, 2, 63, 14, 2, 2, 43, 10, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
2019-09-01T22:12:18+0000 DEBUG [ykman.device.__init__:200] Success!
2019-09-01T22:12:18+0000 DEBUG [ykman.device.__init__:292] Identified YubiKey 5
Traceback (most recent call last):
  File "/usr/bin/ykman", line 11, in <module>
    load_entry_point('yubikey-manager==3.1.0', 'console_scripts', 'ykman')()
  File "/usr/lib/python2.7/site-packages/ykman/cli/__main__.py", line 260, in main
    cli(obj={})
  File "/usr/lib/python2.7/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python2.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python2.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python2.7/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python2.7/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/ykman/cli/opgp.py", line 102, in info
    controller = ctx.obj['controller']
  File "/usr/lib/python2.7/site-packages/ykman/cli/util.py", line 127, in __getitem__
    self.resolve()
  File "/usr/lib/python2.7/site-packages/ykman/cli/util.py", line 124, in resolve
    self._objects[k] = f()
  File "/usr/lib/python2.7/site-packages/ykman/cli/__main__.py", line 190, in resolve_device
    ctx.call_on_close(dev.close)
AttributeError: 'NoneType' object has no attribute 'close'

> ykman info
Device type: YubiKey 5C Nano
Serial number: 8623144
Firmware version: 5.1.0
Form factor: Nano (USB-C)
Enabled USB interfaces: OTP+FIDO+CCID

Applications
OTP     	Enabled
FIDO U2F	Enabled
OpenPGP 	Enabled
PIV     	Enabled
OATH    	Enabled
FIDO2   	Enabled

FWIW I do not have this problem when I attempt the same on my Mac

[tardypad]

I was having the same error when trying to use both OATH and CCID at the same time
This issue is also described in this pretty old post https://forum.yubico.com/viewtopicb85f.html?p=7513

In short after plugging the key:

• If I use OATH first, then I couldn't use my GPG key

> gpg --card-status
gpg: selecting openpgp failed: No such device  
gpg: OpenPGP card not available: No such device

• If I use CCID first (for my GPG key), then I couldn't use anymore OATH

> ykman oath list
Usage: ykman [OPTIONS] COMMAND [ARGS]...
Try "ykman -h" for help.

Error: No YubiKey detected!

I've managed to "fix" it (for now?) by following the advice from https://support.yubico.com/support/solutions/articles/15000014892-troubleshooting-gpg-no-such-device- of putting "reader-port Yubico YubiKey" (for Yubikey 5) in ~/.gnupg/scdaemon.conf file

Now "I can use both OATH and CCID"
HOWEVER every time I use OATH, the gnupg scdaemon gets released/disconnected, so next time I need to use the GPG key I have to reenter the PIN.
From what I gathered in a previous comment, this is expected due to gnupg scdaemon current behavior.
So this is less than ideal but at least it doesn't require unplugging and plugging the key to switch between them

[iMilnb]

I'm hit by the same bug. I noticed that it happens only if I use gpg before oath. Note that in this situation, this happens also:

$  opensc-tool --list-readers
No smart card readers found.

And all of the info command fail with the same message, including openpgp:

$ ykman piv info
Usage: ykman [OPTIONS] COMMAND [ARGS]...

Error: Failed connecting to YubiKey 4 [OTP+FIDO+CCID]
$ ykman oath code "foo"
Usage: ykman [OPTIONS] COMMAND [ARGS]...

Error: Failed connecting to YubiKey 4 [OTP+FIDO+CCID]
$ ykman openpgp info
Usage: ykman [OPTIONS] COMMAND [ARGS]...

Error: Failed connecting to YubiKey 4 [OTP+FIDO+CCID]

When the first command I use is for example oath list, everything works perfectly afterwards.

[mikart143]

I noticed the same problem for ykman fido unlock

[boredabdel]

Faced the same issue with ykman otp swap

ykman info
Device type: YubiKey 4
Serial number: 7203850
Firmware version: 4.3.7
Enabled USB interfaces: OTP+FIDO+CCID

[edsantiago]

FWIW, I experienced the same problem today when first installing yubikey-manager on my Gentoo system. One important clue was:

Mar  8 10:57:40 v pcscd[28008]: /opt/gentoo/tmp/portage/sys-apps/pcsc-lite-1.8.25-r1/work/pcsc-lite-1.8.25/src/hotplug_libudev.c:122:HPReadBundleValues() Cannot open PC/SC drivers directory: /usr/lib64/readers/usb
Mar  8 10:57:40 v pcscd[28008]: /opt/gentoo/tmp/portage/sys-apps/pcsc-lite-1.8.25-r1/work/pcsc-lite-1.8.25/src/hotplug_libudev.c:123:HPReadBundleValues() Disabling USB support for pcscd.

Another was this install-time warning from yubikey-manager:

The 'openpgp' command may require the package 'app-crypt/ccid' to be
installed on the system.

Indeed, the ccid package provides /usr/lib64/readers/usb/..., and installing it makes ykman oath list happy. HTH.

[dinvlad]

Same issue here with Ubuntu 19.10, trying to use any of the ykman openpgp commands..

[aspyct]

Same issue here. Brand new yubikey 5 nfc, on kubuntu 20.04. Can't even list the serials, with or without sudo.

$ sudo ykman --log-level DEBUG list --serials
2020-05-08T21:46:21+0200 INFO [ykman.logging_setup.setup:58] Initialized logging for ykman version: 3.1.1
2020-05-08T21:46:21+0200 DEBUG [ykman.cli.__main__.list_keys:258] Failed to open some devices, listing based on descriptors
YubiKey 5 [OTP+FIDO+CCID]

Help would be appreciated.

[edsantiago]

@aspyct make sure you have the pcsc package installed, and that it is running. Then make sure you have ccid package installed. Then make sure you have the Yubico udev rules on your system (these may already be in /lib/udev/rules.d or /etc/udev/rules.d). There really oughta be a checklist somewhere.

(Quick note: I know nothing about Ubuntu. Package names may be different, just search for matches). Good luck.

[aspyct]

Well, after a lot of trial and error, I've noticed that the yubikey sometimes works, sometimes doesn't. Also, it's a lot more likely to fail if you use it through a usb hub (although again, it's a bit erratic).

Whenever ykman list --serials fails, then a gpg --card-status will fail as well, indicating "no device". When the ykman list works, gpg works as well.

I have two other gpg card readers from competitor brands which are working consistently, even through the usb hub. Except sometimes when plugged in after the yubikey, as if something was left in an inconsistent state.

I'm not sure what is to blame, if it's the yubikey or scdaemon. Unfortunately so far I can't get any logs from the scdaemon when I use gpg commands. Any suggestion on that is welcome.

It should be noted though, that when ykman list fails, I can still use the otp features from the yubikey, and tapping the gold contact will simulate keypresses on a keyboard. That's good, I guess, but I really need that gpg feature working.

My two theories so far:

• either the yubikey pgp applet (and other parts) don't always start properly
• or there's a bug somewhere in the ccid communication between the yubikey and scdaemon, possibly due to the version of ccid.

Edit: Upon further examination, it appears that both of my other devices run gpg version 3.3, and the yubikey version 3.4 (as indicated by gpg --card-status). Also, ykman list killed my scdaemon during certain operations.

[dubrovskyi]

same for fedora 30.
[ykman.descriptor.open_device:115] No matching device found
Usage: ykman [OPTIONS] COMMAND [ARGS]...
Try "ykman -h" for help.

Error: Failed connecting to YubiKey 5 [OTP+FIDO+CCID]. Make sure the application have the required permissions.

[eric-hemasystems]

I have a similar message. I noticed in the help it says -s should list the serial number but for me it listed the string YubiKey 5 [OTP+FIDO+CCID]:

% ykman list -s                 
YubiKey 5 [OTP+FIDO+CCID]

I ran ykman info which listed my serial number:

% ykman info
Device type: YubiKey 5C Nano
Serial number: 10338381
Firmware version: 5.1.2
....

My thought was that the system was failing to get the serial number for some reason when trying to open the device so perhaps if I specified the serial number. This time it worked:

ykman -d 10338381 openpgp set-touch SIG on
Enter admin PIN: 
Set touch policy of signature key to on? [y/N]: y

After successfully doing this I notice now the -s does correctly return the serial number:

% ykman list -s    
10338381

I suspect the yubikey got put in some sort of odd state.

[ghost]

I wanted to share my personal solution, which may be of some help to other users here.

I was having trouble listing any credentials stored on my Yubikey 5 NFC (I used to use the GUI so there were definitely stored creds).
After scouring the internet for clues, I found this: https://wiki.archlinux.org/index.php/Yubikey#ykman_fails_to_connect_to_the_YubiKey

I ran sudo service pcscd status and lo and behold it was inactive. This was the cause of my issue.

So I ran:

1. sudo service pcscd restart to restart the service.
2. sudo service pcscd status to verify the service was then active.
3. ykman oath list to list all of my credentials as expected.

[daemonhorn]

I experienced the same "Failed to connect" issue on Windows, and turns out that if there was a touch policy set on the usb config you can get this error as well. Touching the gold disk and waiting 2 seconds corrected, then I could disable the touch policy with ykman config.

[nip3o]

I have the same "Failed to connect" issue on macOS Catalina, ykman 3.1.1 and a Yubikey 4. ykman --log-level=DEBUG oath list tries a couple of times and exit with No matching device found. I can still list and see the Yubikey there (although its serial does not show up). Re-inserting the Yubikey makes it work after 1-3 attempts, but it's really annoying.

The Yubikey Authentication GUI app has the same issue, but i have never had any problems with using it for U2F or OTP.

[Sushisource]

Running into this on linux as well. Messages like these:

Nov 25 17:24:04 monolith-linux pcscd[124505]: 00000011 readerfactory.c:376:RFAddReader() Yubico YubiKey OTP+FIDO+CCID init failed.
Nov 25 17:24:04 monolith-linux pcscd[124505]: 00023683 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
Nov 25 17:24:04 monolith-linux pcscd[124505]: 00000041 readerfactory.c:1105:RFInitializeReader() Open Port 0x200000 Failed (usb:1050/0407:libudev:1:/dev/bus/usb/001/002)

This issue has been around for three years - people are paying for these keys and expect this to work, why is there zero official presence here?

(Not to mention there's already a fix you could easily translate into the application: https://github.com/a-dma/yubitouch )

[dainnilsson]

There seems to be several different issues present in this issue, so it's difficult to know which ones are already "solved" and which aren't. Some reoccurring ones I see are:

CCID based commands (such as piv, oath, and openpgp) don't work after running gpg. This is in most cases due to scdaemon (which is part of gpg) holding exclusive access to the YubiKey (details here: https://dev.gnupg.org/T2440 possible workaround: setting a timeout in scdaemon.conf as described here: https://forum.yubico.com/viewtopicb85f.html?p=7513).

CCID based commands don't work in general (without scdaemon running). This indicates that ykman isn't able to communicate with the smart card system, which on Linux is the pcscd service. This commonly means that the service is either missing, or not running. Instructions for how to set it up will vary between Linux distributions, and unfortunately we aren't able to provide these. Instead we refer you to the documentation for your particular distribution.

Other commands don't work. Different commands need to use different USB interfaces on the YubiKey, which use different communication mechanisms. These issues will need to be resolved on a case-by-case basis, but one common problem is not having the proper permissions to access one or more of these USB interfaces. This can usually be tested for by running the command as root (eg. by using sudo), and might be resolved by configuring permissions using Udev rules, or granting specific permissions to the user account.

I see that several people in this thread have found answers already, and it's difficult to know where that is and isn't the case, so I am closing this issue now. If you do still have problems and the already provided solutions and workarounds don't help you, please open a new issue to deal with your specific problem, or contact our support team for help: https://support.yubico.com/hc/en-us

[christianreiser]

running the manager with sudo fixed the problem for me on Ubuntu:
sudo ./yubikey-manager-qt-1.1.5-linux.AppImage

[zpeterg]

@edsantiago, I'm running into a similar problem on my PostmarketOS Pinephone (which is a version of Alpine Linux). I got pcscd running with sudo apk add pcsc-lite && sudo service pcscd start && sudo rc-update add pcscd. Checking the status after restart shows it's running. I also installed ccid with sudo apk add ccid. I loaded up that file you suggested into the rules.d folder.

The end-result is that I can use U2F in Mozilla, and I can use ykman to get information on the device. It also has keyboard access. However, running sudo ykman oath code list still gives me Error: Failed connecting to Yubikey Neo[OTP+FIDO+CCID]. Make sure the application have the required permissions.

Any further thoughts on something I'm missing? Something I missed on the "checklist"?

[zpeterg]

@dainnilsson, as noted in my post just above, I'm having trouble with a version of Alpine Linux. You mentioned that conflicts with GPG can cause this problem. I don't believe I have GPG running (at any rate, the command gpg --version yields nothing. Do you know how to check if that's running on Alpine? Thanks for any help!

[dainnilsson]

@zpeterg Check for a process running named scdaemon, that's the part of gnupg that holds on to the smart card exclusively (you can use the ps command for that, eg. ps aux | grep scdaemon). If you're on ykman 4.0 you can additionally run ykman --diagnose to get more output that might be helpful in troubleshooting (and if you're not, I'd recommend you upgrade!).

[zpeterg]

@dainnilsson , thanks for the tips. I see that scdaemon is running, so that probably is the issue.

[davidshen84]

Hi,

Do we have any solution to this issue yet? I am on Linux, I have a Yubico Key NFC 5, my key has PIN set. When I execute

sudo ykman --log-level debug oath info

I got the following debug log.

2021-07-11T19:06:31+1000 INFO [ykman.logging_setup.setup:74] Initialized logging for level: DEBUG
2021-07-11T19:06:31+1000 INFO [ykman.logging_setup.setup:75] Running ykman version: 4.0.0
2021-07-11T19:06:31+1000 DEBUG [ykman.logging_setup.log_sys_info:47] Python: 3.9.5 (default, Jun 12 2021, 13:17:09) 
[Clang 11.1.0 ]
2021-07-11T19:06:31+1000 DEBUG [ykman.logging_setup.log_sys_info:48] Platform: linux
2021-07-11T19:06:31+1000 DEBUG [ykman.logging_setup.log_sys_info:54] Running as admin: True
2021-07-11T19:06:31+1000 DEBUG [fido2.hid.linux.list_descriptors:72] Found CTAP device: /dev/hidraw1
2021-07-11T19:06:31+1000 ERROR [ykman.cli.__main__.retrying_connect:89] Failed opening connection
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/ykman/cli/__main__.py", line 87, in retrying_connect
    return connect_to_device(serial, connections)
  File "/usr/lib/python3.9/site-packages/ykman/device.py", line 196, in connect_to_device
    raise ValueError("No YubiKey found with the given interface(s)")
ValueError: No YubiKey found with the given interface(s)
2021-07-11T19:06:31+1000 DEBUG [fido2.hid.linux.list_descriptors:72] Found CTAP device: /dev/hidraw1
2021-07-11T19:06:31+1000 DEBUG [ykman.cli.__main__.retrying_connect:97] Sleep...
...

I also got similar error with sudo ykman --log-level debug piv info

• I have killed the scdaemon process
• I have the pcscd service running

Anything else should I check?

Thanks

[Utopiah]

@zpeterg any success on using ykman on the PinePhone with PostmarketOS?

[zpeterg]

@Utopiah, I mostly use Mobian now. But here are my notes on setting up Yubikey on PostmarketOS:

• Install Yubikey Authenticator and Yubikey Manager from Discover app store
• sudo systemctl start pcscd.service
• sudo systemctl enable pcscd.service

I'm not certain that those are the full steps, but hopefully it helps!

[Utopiah]

@zpeterg thanks. FWIW I was missing either udev rules for my user or libu2f-host but now it is working. I installed via pip after adding via apk pcscd and all necessary build dependencies (all the way to Rust and Cargo for crypo). Now I "just" have to figure out when I use this over the CLI util 2fa and my "normal" Sxmo usage.

[zpeterg]

@Utopiah , I also am on SXMO these days and very much enjoying it, but would love to have access to Yubikey in case it's needed. Question: How did you get yubikey authentication working? These are my steps so far:

• sudo apk add py3-pip
• sudo pip install --user yubikey-manager

But it errors-out with "command 'gcc' failed: No such file or directory". Any pointers?

[Utopiah]

@zpeterg can't recall exactly but from your specific error message I'd start with apk add build-base

[zpeterg]

I made it further with these steps:

sudo apk add py3-pip
sudo apk add build-base
sudo apk add python3-dev
sudo apk add libffi-dev
sudo apk add swig
pip install --upgrade pip
pip install --user yubikey-manager

That got it installed, but it said that no Yubikey was present. So then I edited /etc/udev/rules.d/70-u2f.rules to add:

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120"

That made ykman info function correctly, but I still can't access ykman oath accounts list - it shows "No yubikey found with the given interface(s)". The errors indicate that it's timing-out. The same yubikey works fine in another computer using the same command, so I know the interface exists). @Utopiah, do you recall running into that problem?

[zpeterg]

I suspect the CCID reader isn't working - I'm getting nothing for ykman list --readers. But I'm not sure why. PCSCD is installed and running.

[Utopiah]

Unfortunately @zpeterg I can't recall running into that problem but to be honest I'm not sure I tried ykman oath accounts list. I might try a

sudo apk add pcsc-lite pcsc-lite-dev py3-pip build-base python3-dev libffi-dev swig\
&& sudo service pcscd start\
&& sudo echo 'KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120"' > /etc/udev/rules.d/70-u2f.rules\
&& pip install --upgrade pip\
&& pip install --user yubikey-manager

at some point.

[zpeterg]

Fresh-up everything basically? Good idea. I tried it, but no dice. Thanks anyway!

[Utopiah]

Indeed @zpeterg I get OATH Enabled yet ykman oath info fails with Error: No YubiKey found with the given interface(s)

Details :

pine64-pinephone:/home/user# /root/.local/bin/ykman info
Device type: YubiKey 5Ci
Serial number: 12345678
Firmware version: 5.2.4
Form factor: Keychain (USB-C, Lightning)
Enabled USB interfaces: OTP, FIDO, CCID

Applications
FIDO2           Enabled      
OTP             Enabled      
FIDO U2F        Enabled      
OATH            Enabled      
YubiHSM Auth    Not available
OpenPGP         Enabled      
PIV             Enabled      
pine64-pinephone:/home/user# /root/.local/bin/ykman  oath accounts list
Error: No YubiKey found with the given interface(s)

Glad you opened #471 .

[blimey74]

I was also had problems with "Error: No YubiKey found with the given interface(s)" on my laptop running Linux Mint. I resolved it by plugging my Yubikey into the port I originally used when setting up AWS MFA.

[ethnh]

I was also had problems with "Error: No YubiKey found with the given interface(s)" on my laptop running Linux Mint. I resolved it by plugging my Yubikey into the port I originally used when setting up AWS MFA.

Same here, I got it working by plugging + unplugging.. odd

[tomfitzhenry]

I also saw "No YubiKey found with the given interface" and found that the problem was that my kernel didn't have CONFIG_HIDRAW enabled. (This is disabled by default in the mainline aarch64 defconfig, but most distros seem to have enabled it).

To check if you have that kernel config, here's what it should look like:

$ zcat /proc/config.gz | grep CONFIG_HIDRAW
CONFIG_HIDRAW=y