※ reference

Γ Install dependencies

sudo dnf install -y ykpers pcsc-tools opensc pcsc-lite

Γ Edit udev rules

Edit file /usr/lib/udev/rules.d/69-yubikey.rules

ACTION!="add|change", GOTO="yubico_end"

# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.

# Yubico Yubikey II
-ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410"
+ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", OWNER="ian", MODE="0600"


Reload and check whether it works

udevadm control --reload
udevadm trigger
ykinfo -v

Γ Configure GPG agent

Edit ~/.gnupg/gpg-agent.conf

default-cache-ttl 600
max-cache-ttl 7200

Γ Enable and start the service

sudo systemctl start pcscd
sudo systemctl enable pcscd

Γ Troubleshooting

gpg-connect-agent updatestartuptty /bye

I also met problem recently that gpg has no permission to access the USB device. I fixed it by disable pcscd,

sudo systemctl stop pcscd
sudo systemctl disable pcscd

and start it manually in the terminal.

sudo pcscd --foreground --apdu --color | tee pcscd.log

Γ Remote Access

# cd /usr/share/polkit-1/rules.d/
# vi 30_smartcard_access.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
        subject.user == "staf") {
            return polkit.Result.YES;

polkit.addRule(function(action, subject) {
    if (action.id == "org.debian.pcsc-lite.access_card" &&
        action.lookup("reader") == 'name_of_reader' &&
        subject.user == "staf") {
            return polkit.Result.YES;    }