Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use with yubikey-agent #65

Open
cnf opened this issue Feb 14, 2025 · 3 comments
Open

use with yubikey-agent #65

cnf opened this issue Feb 14, 2025 · 3 comments

Comments

@cnf
Copy link

cnf commented Feb 14, 2025

I am trying to get yubikey-touch-detector working with FiloSottile/yubikey-agent@2e5376c but I am having no success.

running it manually:

yubikey-touch-detector -libnotify -v -stdout
DEBU[2025-02-14T19:09:45+01:00] Starting YubiKey touch detector              
DEBU[2025-02-14T19:09:45+01:00] HMAC watcher on '/dev' is successfully established 
DEBU[2025-02-14T19:09:45+01:00] U2F watcher on '/dev' is successfully established 
DEBU[2025-02-14T19:09:45+01:00] Directory '/home/cnf/.gnupg/private-keys-v1.d' does not exist or cannot stat it

and then nothing.

SSH_AUTH_SOCK is set, U2F IS detected, but i can not get it working with yubikey-agent.

I am on NixOS, with version 1.12.5.

Any help would be appreciated.
@maximbaz
Copy link
Owner

maximbaz commented Feb 14, 2025
edited
Loading

Hello, this app only works with gpg for ssh support, so it detects a touch when gpg-agent is used as ssh agent, but that's about it.

I definitely don't mind having support for yubikey-agent, and I can see it uses PIV to talk to the device. Support for that is requested and tracked in #22, but nobody is actively doing any work on that. PRs are most definitely welcome 😁

Once #22 is done, touches requested by yubikey-agent will maybe begin to be detected as well, or maybe not. If not, it's likely that some changes would need to be done both here and in yubikey-agent, and as the last commit in yubikey-agent is 3 years ago, it might prove to be an additional challenge.

@cnf
Copy link
Author

cnf commented Feb 15, 2025

That make sense, thanks. Yeah yubikey-agent isn't active sadly, but it does the thing i need... If I have some space, I might look into what is needed, thanks!

@maximbaz
Copy link
Owner

#22 has a couple of other interesting projects linking to it, see in particular smlx/piv-agent#223, it looks like a next gen yubikey-agent, which is active and other people are also interested in the same thing as you.

The general feedback is the same - I'd be more than happy to have support for that. Ideally we'd find some way to get the "touch needed" directly from PIV, so that all apps using it will be supported. If hard or impossible, it's also okay to teach e.g. piv-agent and yubikey-touch-detector to talk to each other - in fact that's how we started with U2F, folks at pam-u2f agreed to do this, we got the feature shipped, and later we replaced that with a proper integration with U2F and FIDO2 protocols, which allowed to see touch requests e.g. from browsers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cnf @maximbaz