Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)
> Could you share a few details? > > * dpkg -l "*yubi*" > * dpkg -l "*cryptsetup*" > * cat /etc/crypttab > * Screenshots of the prompt, error messages, maybe boot in recovery mode * dpkg -l "*yubi*" | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-===-===--=== ii libyubikey-udev 1.20.0-3 all udev rules for unprivileged access to YubiKeys ii libyubikey0 1.13-6 amd64 Yubikey OTP handling library runtime ii python3-yubikey-manager 4.0.0~a1-2 all Python 3 library for configuring a YubiKey — transitional package ii yubikey-luks 0.5.1+29.g5df2b95-6 all YubiKey two factor authentication for LUKS disks ii yubikey-personalization 1.20.0-3 amd64 Personalization tool for Yubikey OTP tokens ii yubioath-desktop 5.0.4+post1-1 amd64 Graphical interface for displaying OATH codes with a Yubikey * dpkg -l "*cryptsetup*" | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-=---=== ii cryptsetup 2:2.3.4-2 amd64 disk encryption support - startup scripts ii cryptsetup-bin 2:2.3.4-2 amd64 disk encryption support - command line tools ii cryptsetup-initramfs 2:2.3.4-2 all disk encryption support - initramfs integration ii cryptsetup-run 2:2.3.4-2 all transitional dummy package for cryptsetup ii libcryptsetup12:amd64 2:2.3.4-2 amd64 disk encryption support - shared library * cat /etc/crypttab sda3_crypt UUID=18a87353-c256-4da6-88ab-6ac75b0d84ce none luks,discard,keyscript=/usr/share/yubikey-luks/ykluks-keyscript thank you! Daniel OpenPGP_signature Description: OpenPGP digital signature
Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)
On Sat, 20 Mar 2021 12:29:56 -0400 Jerome Charaoui wrote: > user debian-rele...@lists.debian.org > usertags 985543 + bsp-2021-03-ca-montreal > tag 985543 + unreproducible moreinfo > thank you > > Hello, > > I've attempted, but was unable, to reproduce this bug. > > I set up the yubikey-luks challenge-response on a fresh stretch system, > and after upgrading to bullseye, it was working as before, which > suggests the package is working as intended even after a release upgrade. > > I'm wondering if your bug could actually be related to an update in the > kernel or usb subsystem itself, rather than the yubikey-luks package? > > Did you try booting up using a live system such as Grml and trying to > unlock your luks filesystem manually in that environment? > > Thanks. > > Hi, First of all thank you for your afford! I successfully managed to unlock my LUKS partition by generating the response on a different machine (with package 'ykpersonalize' using the command 'ykchalresp') and typing it manually. the system was updated as I thought. My system recognized my yubikey when it was unlocked and I could do the usual operation I'm using it for. the chalresp OTP slot works as usual as well for other oprations. Tried to do another update and rebooted the system, still no luck with the yubikey itself. As for your suggestion, I'll try to unlock it with the yubikey-luks package on a live system and report back. thank you very much, Daniel OpenPGP_signature Description: OpenPGP digital signature
Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)
Hi, First of all thank you for your afford! I successfully managed to unlock my LUKS partition by generating the response on a different machine (with package 'ykpersonalize' using the command 'ykchalresp') and typing it manually. the system was updated as I thought. My system recognized my yubikey when it was unlocked and I could do the usual operation I'm using it for. the chalresp OTP slot works as usual as well for other oprations. Tried to do another update and rebooted the system, still no luck with the yubikey itself. As for your suggestion, I'll try to unlock it with the yubikey-luks package on a live system and report back. thank you very much, Daniel OpenPGP_signature Description: OpenPGP digital signature
Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)
Hi Daniel, On Sun, 2021-03-21 at 13:52 +0200, Daniel Hevron Pereh wrote: > I successfully managed to unlock my LUKS partition by generating the response > on a different machine (with package 'ykpersonalize' using the command > 'ykchalresp') and typing it manually. the system was updated as I thought. > > My system recognized my yubikey when it was unlocked and I could do the usual > operation I'm using it for. the chalresp OTP slot works as usual as well for > other oprations. > > Tried to do another update and rebooted the system, still no luck with the > yubikey itself. > > As for your suggestion, I'll try to unlock it with the yubikey-luks package on > a live system and report back. Sorry you are having problems with the integration. Could you share a few details? * dpkg -l "*yubi*" * dpkg -l "*cryptsetup*" * cat /etc/crypttab * Screenshots of the prompt, error messages, maybe boot in recovery mode You should always be able to unlock with any other passphrase, as long as the YubiKey is not present, I hope this works for you? Also make sure you have updated initramfs, after upgrading yubikey-luks: update- initramfs -uv Best Regards Markus Frosch
Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)
Hi Jerome, On Sat, 2021-03-20 at 12:29 -0400, Jerome Charaoui wrote: > I've attempted, but was unable, to reproduce this bug. > > I set up the yubikey-luks challenge-response on a fresh stretch system, > and after upgrading to bullseye, it was working as before, which > suggests the package is working as intended even after a release upgrade. > > I'm wondering if your bug could actually be related to an update in the > kernel or usb subsystem itself, rather than the yubikey-luks package? > > Did you try booting up using a live system such as Grml and trying to > unlock your luks filesystem manually in that environment? Thanks for verifying, I just re-confirmed it working on my test VMs without any problems (from a fresh install). And thanks for tagging! :) Regards Markus
Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)
user debian-rele...@lists.debian.org usertags 985543 + bsp-2021-03-ca-montreal tag 985543 + unreproducible moreinfo thank you Hello, I've attempted, but was unable, to reproduce this bug. I set up the yubikey-luks challenge-response on a fresh stretch system, and after upgrading to bullseye, it was working as before, which suggests the package is working as intended even after a release upgrade. I'm wondering if your bug could actually be related to an update in the kernel or usb subsystem itself, rather than the yubikey-luks package? Did you try booting up using a live system such as Grml and trying to unlock your luks filesystem manually in that environment? Thanks. OpenPGP_signature Description: OpenPGP digital signature
Bug#985543: yubikey-luks: after upgrade and reboot - yubikey "not detected" (but blinking)
Package: yubikey-luks Version: 0.5.1+29.g5df2b95-6 Severity: grave Justification: causes non-serious data loss X-Debbugs-Cc: dhpe...@mailbox.org Dear Maintainer, Yesterday I (mostly sure, cannot verify as I'm locked out of my system) upgraded the package on a debian bullseye machine. I booted up my machine after that but my yubikey isn't detected. the Yubikey flashes when I connect it to indicate that it's on. I tried different USB ports. tried booting with it connected beforehand and tried connecting after promped to. nothing changed. in summary, i'm promped to enter yubikey and chalenge, im typing my challenge and press enter, yet it says no Yubikey found. this bug report is sent from another machine! -- System Information: Debian Release: bullseye/sid APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-4-amd64 (SMP w/2 CPU threads) Locale: LANG=en_IL, LC_CTYPE=en_IL (charmap=UTF-8), LANGUAGE=en_IL:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages yubikey-luks depends on: pn cryptsetup-run ii initramfs-tools 0.139 ii yubikey-personalization 1.20.0-3 Versions of packages yubikey-luks recommends: pn cryptsetup-initramfs pn expect yubikey-luks suggests no packages.