Install dependencies
sudo dnf install -y ykpers pcsc-tools opensc pcsc-lite
Edit udev rules
Edit file /usr/lib/udev/rules.d/69-yubikey.rules
ACTION!="add|change", GOTO="yubico_end"
# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.
# Yubico Yubikey II
-ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410"
+ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", OWNER="ian", MODE="0600"
LABEL="yubico_end"
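Review bot: the + line sets OWNER="ian", MODE="0600", which ties the device node to one hard-coded account instead of whoever is logged in at the console, contrary to the comment above the rule ("letting the console user access"). Consider TAG+="uaccess" so that logind grants access to the active local session. The change also belongs in /etc/udev/rules.d/69-yubikey.rules, which takes precedence over the same-named packaged file, since a package update will overwrite the copy under /usr/lib/udev/rules.d/.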
Reload and check whether it works
udevadm control --reload
udevadm trigger
ykinfo -v
Configure GPG agent
Edit ~/.gnupg/gpg-agent.conf
default-cache-ttl 600
max-cache-ttl 7200
enable-ssh-support
Enable and start the service
sudo systemctl start pcscd
sudo systemctl enable pcscd
Troubleshooting
gpg-connect-agent updatestartuptty /bye
I also ran into a problem recently where gpg had no permission to access the USB device. I fixed it by disabling pcscd,
sudo systemctl stop pcscd
sudo systemctl disable pcscd
and starting it manually in the terminal.
sudo pcscd --foreground --apdu --color | tee pcscd.log
Remote Access
# cd /usr/share/polkit-1/rules.d/
# vi 30_smartcard_access.rules
// Allow user "staf" to talk to the pcscd daemon.
polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
        subject.user == "staf") {
        return polkit.Result.YES;
    }
});
// Allow user "staf" to access the card in one specific reader only.
polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_card" &&
        action.lookup("reader") == 'name_of_reader' &&
        subject.user == "staf") {
        return polkit.Result.YES;
    }
});
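The two rules above can be exercised offline before they are copied into /usr/share/polkit-1/rules.d/. This is an added example, not part of the original notes: makePolkit and check are hypothetical names for a small mock of the polkit rule API, and the user "mallory" and the reader "some_other_reader" are constructed test values.

```javascript
// Mock of the polkit rule API, written for this example (not polkitd itself):
// rules run in the order they were added and the first non-null result wins.
function makePolkit() {
  const rules = [];
  return {
    Result: { YES: "yes" },
    addRule(fn) { rules.push(fn); },
    // Evaluate a constructed request; null means no rule matched, so the
    // default from the action's policy file would apply.
    check(actionId, details, user) {
      const action = { id: actionId, lookup: (key) => details[key] };
      const subject = { user };
      for (const rule of rules) {
        const result = rule(action, subject);
        if (result !== undefined && result !== null) return result;
      }
      return null;
    },
  };
}

const polkit = makePolkit();

// The two rules from this page, unchanged apart from layout.
polkit.addRule(function(action, subject) {
  if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
      subject.user == "staf") {
    return polkit.Result.YES;
  }
});
polkit.addRule(function(action, subject) {
  if (action.id == "org.debian.pcsc-lite.access_card" &&
      action.lookup("reader") == 'name_of_reader' &&
      subject.user == "staf") {
    return polkit.Result.YES;
  }
});

// Constructed requests: [action id, action details, requesting user].
const cases = [
  ["org.debian.pcsc-lite.access_pcsc", {}, "staf"],
  ["org.debian.pcsc-lite.access_card", { reader: "name_of_reader" }, "staf"],
  ["org.debian.pcsc-lite.access_card", { reader: "some_other_reader" }, "staf"],
  ["org.debian.pcsc-lite.access_pcsc", {}, "mallory"],
];
for (const [id, details, user] of cases) {
  console.log(user, id, JSON.stringify(details), "->", polkit.check(id, details, user));
}
```

A null result for the other reader and the other user shows that the rules grant nothing beyond the one user and the one named reader.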