ykman | Failed to connect to YubiKey 5 NFC #558

Open
Sourabh-ALTEN opened this issue Jun 27, 2023 · 1 comment

@Sourabh-ALTEN

  • YubiKey Manager (ykman) version: 5.1.1
  • How was it installed?: Using Yubico's PPA (Ubuntu)
  • Operating system and version: WSL2; 1.2.5.0; Windows version: 10.0.22621.819 (Ubuntu distro)
  • YubiKey model and version: YubiKey 5 NFC (5.4.3)
  • Bug description summary: Failed to connect to YubiKey.

Steps to reproduce

I have enabled USB device forwarding in my WSL2 kernel and am also using usbipd to attach the USB device to WSL2. The YubiKey is recognized by lsusb. I have generated OpenPGP keys using the Kleopatra application, and the YubiKey is recognized as a smartcard as described in this blog. gpg --card-status was also working from cmd. Since I want to use the GPG key pair as my SSH key too, I edited ~/.bashrc and added the section below to it:

config_path="C\:/Users/<YOUR_USER>/AppData/Local/gnupg"
wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
# SSH Socket
# Removing Linux SSH socket and replacing it by link to wsl2-ssh-pageant socket
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
  rm -f "$SSH_AUTH_SOCK"
  if test -x "$wsl2_ssh_pageant_bin"; then
    (setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin" >/dev/null 2>&1 &)
  else
    echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
  fi
fi
# GPG Socket
# Removing Linux GPG Agent socket and replacing it by link to wsl2-ssh-pageant GPG socket
export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
  rm -rf "$GPG_AGENT_SOCK"
  if test -x "$wsl2_ssh_pageant_bin"; then
    (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin --gpgConfigBasepath ${config_path} --gpg S.gpg-agent" >/dev/null 2>&1 &)
  else
    echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
  fi
fi

Then I restarted WSL2. Now gpg --card-status also works in my Ubuntu, and I also imported the GPG keys using gpg --card-edit.
However, ykman list gives the error ERROR: Unable to list devices for connection, and ykman --diagnose also showed an error related to CONFIG_HIDRAW not being configured. So, I rebuilt the kernel with CONFIG_HIDRAW=y and started WSL2 again.
But now, gpg --card-status is not working:

gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

And ykman list and ykman info seem to work fine. Now I want to enable the touch requirement for authentication requests, so I am trying to do it via ykman openpgp keys set-touch aut on, but this gives ERROR: Failed to connect to YubiKey. I also tried ykpersonalize -m 5 to change the mode, but this resulted in Yubikey core error: write error

Also, I want to add the public SSH key to the Git server. Since I have connected WSL's ssh agent to the GPG key over a socket, I should obtain the SSH public key using ssh-add -L, but this gives me error fetching identities: communication with agent failed.

Expected result

Enabling touch requirement for authentication and also using GPG key as SSH key using socket and wsl2-ssh-pageant

Actual results and logs

gpg --card-status results in

gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

ykman openpgp keys set-touch aut on gives
ERROR: Failed to connect to YubiKey.

Please let me know if further logs or diagnostics are required.

Can anyone please let me know what is the issue here?

Thanks in advance
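
A diagnostic for the socket bridge in the ~/.bashrc snippet above, added here as an example and not part of the original post or of the ykman project. The function names `socket_state`, `binary_state` and `bridge_report` are hypothetical; the default paths are the ones the snippet uses.

```shell
#!/bin/sh
# Added diagnostic, not from the issue. Defaults are the paths used in the
# ~/.bashrc snippet; the function names are made up for this example.

# Prints one of: missing | not-a-socket | stale | live | unknown
socket_state() (
  path=$1
  if [ ! -e "$path" ] && [ ! -L "$path" ]; then echo missing; exit 0; fi
  if [ ! -S "$path" ]; then echo not-a-socket; exit 0; fi
  if ! command -v ss >/dev/null 2>&1; then echo unknown; exit 0; fi
  # ss -xl lists listening UNIX sockets; compare whole fields so that
  # agent.sock does not match agent.sock.bak (paths with spaces not handled).
  if ss -xl 2>/dev/null | awk -v p="$path" \
      '{ for (i = 1; i <= NF; i++) if ($i == p) found = 1 } END { exit !found }'
  then echo live   # socat is listening; the Windows agent is still untested
  else echo stale  # socket file left behind with no listener
  fi
)

# Prints one of: missing | not-executable | ok
binary_state() (
  if [ ! -e "$1" ]; then echo missing
  elif [ ! -x "$1" ]; then echo not-executable
  else echo ok
  fi
)

# Report on the bridge binary and both sockets (arguments override defaults).
bridge_report() (
  bin=${1:-$HOME/.ssh/wsl2-ssh-pageant.exe}
  ssh_sock=${2:-$HOME/.ssh/agent.sock}
  gpg_sock=${3:-$HOME/.gnupg/S.gpg-agent}
  echo "bridge binary $bin: $(binary_state "$bin")"
  echo "SSH socket $ssh_sock: $(socket_state "$ssh_sock")"
  echo "GPG socket $gpg_sock: $(socket_state "$gpg_sock")"
)

bridge_report "$@"
```

The snippet sends all socat output to /dev/null, so a `live` result only shows that a listener exists; `ssh-add -L` and `gpg --card-status` remain the end-to-end checks.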

@nwayve

nwayve commented Dec 13, 2023

I've hit so many walls trying to get yubikey to work in WSL until I found this post. Turns out the trick is to not install the YubiKey Manager on your WSL distro, and to instead symlink it to the ykman installed on Windows.

Try uninstalling it from the Ubuntu distro and adding a symlink:
$ sudo ln -s /mnt/c/Program\ Files/Yubico/YubiKey\ Manager/ykman.exe /usr/bin/ykman

Not sure if the work you've done to do USB device forwarding into WSL will interfere with this. I remember trying this route a while back and not having any success.
