You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- YubiKey Manager (ykman) version: 5.0.1 - How was it installed?:https://github.com/Yubico/yubikey-manager#linux - Operating system and version: Windows 11 & Ubuntu 20.04.1 LTS - YubiKey model and version: Yubikey 5 NFC - Bug description summary: After attaching the yubikey to WSL, the pcscd service must be started or restarted in order for ykman to access it.
Steps to reproduce
Ensure Windows 11 WSL2 installed and open a bash command prompt under WSL2.
Since WSL doesn't natively support USB devices, ensure the open-source usbipd-win project is installed.
In Powershell run usbipd wsl list to see a list of USB devices.
Connect the Yubikey to a USB port and run usbipd wsl list to see the key is connected.
In WSL bash run lsbusb and ykman list to verify the device is not listed
In Powershell run usbipd wsl attach --busid {BUSID} where BUSID is the ID of the connected Yubikey.
In WSL bash run lsbusb to verify it is connected
Run ykman list to see if the device is present
On first setup, it may or may not show up in the device list.
If it is there, it may show up as YubiKey [OTP+FIDO+CCID] <access denied> and ykman will fail to access it.
e.g. running ykman oath accounts code will result in the error: "Failed to connect to YubiKey"
Run service pcscd status
If it's not running, run sudo service pcscd start
If it is running, run sudo service pcscd restart
Run ykman list and the Yubikey should be listed as YubiKey 5C NFC (5.2.7) [OTP+FIDO+CCID] Serial: 12345678
Expected result
I would expect ykman to ensure the pcscd service is started, restarted, or otherwise managed as needed when the Yubikey is attached to WSL via the usbipd wsl attach command.
Actual results and logs
I'm forced to manage the pcscd service manually after attaching the Yubikey to WSL.
Other info
I don't know if this is a ykman issue or a usbipd-win project issue. Opening here to get feedback from Yubico team and community. There should be a more elegant way of dealing with this.
Links to other issues surrounding this problem:
I don't really have a good answer here as I'm not very familiar with usbip-win. I would suggest trying some other tool than ykman to see if the YubiKey is accessible by that or not. For example, you could try pcsc_scan from the pcsc-tools package. You could also try stopping the pcscd service and instead running it in the foreground with logging enabled to see if anything shows up there when you connect the YubiKey: https://ludovicrousseau.blogspot.com/2011/07/pcscd-debug-output.html
Same issue here. Is there any planned support for ykman running on WSL in the future?
Just came back after almost 2 years to see if I can use my YubiKey 5C with WSL2 yet, and nope.
Although I suspect that the culprit is mainly the lack of native support for USB devices in WSL2, and that Yubico can't do much about this issue.
There are a lot of WSL2 users out there nowadays and I bet quite a few would love to have native, non-hacky usbip, support for their YubiKeys.
- YubiKey Manager (ykman) version: 5.0.1
- How was it installed?: https://github.com/Yubico/yubikey-manager#linux
- Operating system and version: Windows 11 & Ubuntu 20.04.1 LTS
- YubiKey model and version: Yubikey 5 NFC
- Bug description summary: After attaching the yubikey to WSL, the pcscd service must be started or restarted in order for ykman to access it.
Steps to reproduce
usbipd wsl list
to see a list of USB devices.usbipd wsl list
to see the key is connected.lsbusb
andykman list
to verify the device is not listedusbipd wsl attach --busid {BUSID}
whereBUSID
is the ID of the connected Yubikey.lsbusb
to verify it is connectedykman list
to see if the device is presentYubiKey [OTP+FIDO+CCID] <access denied>
and ykman will fail to access it.ykman oath accounts code
will result in the error: "Failed to connect to YubiKey"service pcscd status
sudo service pcscd start
sudo service pcscd restart
ykman list
and the Yubikey should be listed asYubiKey 5C NFC (5.2.7) [OTP+FIDO+CCID] Serial: 12345678
Expected result
I would expect ykman to ensure the
pcscd
service is started, restarted, or otherwise managed as needed when the Yubikey is attached to WSL via theusbipd wsl attach
command.Actual results and logs
I'm forced to manage the
pcscd
service manually after attaching the Yubikey to WSL.Other info
I don't know if this is a ykman issue or a usbipd-win project issue. Opening here to get feedback from Yubico team and community. There should be a more elegant way of dealing with this.
Links to other issues surrounding this problem:
The text was updated successfully, but these errors were encountered: