Yubico/yubico-piv-tool

agent refused operation when removing/adding key with libykcs11.so

Closed this issue · 1 comments

Hello, I am new to YubiKeys. I had set up both of my keys to SSH into my server using OTP. It's been a stressful day trying to undo a mistake I made, and I forgot why I was messing with things to begin with. Either way, this is my current predicament. Both my server and desktop are on Linux (Ubuntu and Mint).

I removed the OTP codes from both of my keys (YubiKey 5C NFC; I don't remember why), and after that of course all sorts of problems started, with my Vaultwarden and of course SSH. I managed to get Vaultwarden back to normal, but I am struggling very hard with SSH.

I removed my key from my server's authorized user so I could get back in. I added OTP back to slot 1 on both my keys and uploaded/verified them. I re-set up Vaultwarden, but this time using WebAuthn instead of OTP. So 2/3 of the items I am currently using my keys for are good now (Apple account login and Vaultwarden), just not SSH. I found another guide stating to make sure to do chmod +600 on anything in the .ssh folder, which I did.

The first time I got it working, and now that I am trying to get it back to working, I am following this guide: https://developers.yubico.com/PIV/Guides/SSH_user_certificates.html

This time around, when I get to step 4 and run ssh-add -e /usr/lib/x86_64-linux-gnu/libykcs11.so, I get the error: Could not remove card "/usr/lib/x86_64-linux-gnu/libykcs11.so": agent refused operation
I couldn't remember if I was supposed to use sudo. I don't think so, but either way when I try I get this: Could not open a connection to your authentication agent. I even tried to skip it and do ssh-add -e, but I get asked for a passphrase, and none of my saved keys work, and it goes back to agent refused operation.

I have been googling this for hours now and have not come up with an answer on how I can reset my private key for SSH. I already wiped out my desktop's .ssh files. ssh-add -L shows the key that I am trying to remove. I couldn't figure out how to get debug/verbose logging on for this.

Any help is appreciated!

Never mind, I think I figured it out. Part of my troubleshooting did clear it, so that ssh-add -L returned no keys. At that point I followed the steps from the linked article and skipped removal since it was empty.

I created the key and got asked for a passphrase. I entered the PIN code I had reset on my key, and it let me run ssh-add -s and the remaining commands, and now I can SSH into my server via my YubiKey.

Now to try these steps again with my backup key.