Smart Card Connector extension prevents mapping Yubikey into Crostini
391 views
Skip to first unread message
dragon788
Jun 8, 2020, 8:31:50 PM6/8/20
to Chromium OS Development
I've been using the Smart Card Connector with Secure Shell for quite a while with my Yubikeys. With the USB device support landing I was going to use my Yubikey directly in Crostini for GPG encryption/decryption and signing in addition to using it for authentication (for SSH), but when I tried doing a `vmc usb-attach terminal 1:008` with my Yubikey plugged in I was getting a permission error but other devices worked fine. After a while (weeks later) it dawned on me that it might be the Smart Card Connector that also accesses the device, and after disabling the app I was able to successfully map the device in and use it exactly as I'd hoped. Is there a place to file bugs on the Connector being greedy and requiring exclusive access to the device even if Secure Shell doesn't have an open connection requesting it?
Maksim Ivanov
Jun 8, 2020, 11:13:14 PM6/8/20
to dragon788, Chromium OS Development
Hello,
Please file a bug in the Smart Card Connector bugtracker at https://github.com/GoogleChromeLabs/chromeos_smart_card_connector/issues
As a quick comment on your issue, the driver built into the Connector app - the CCID free software driver - is by design behaving "greedily", i.e., establishing the USB connection as soon as the device is attached. Changing this might be nontrivial; also it could potentially affect/conflict with other smart card applications that tend to keep a long-lived session with the attached token.
As a quick comment on your issue, the driver built into the Connector app - the CCID free software driver - is by design behaving "greedily", i.e., establishing the USB connection as soon as the device is attached. Changing this might be nontrivial; also it could potentially affect/conflict with other smart card applications that tend to keep a long-lived session with the attached token.
We may consider building a quick workaround that allows the user to manually remove the device from the Connector app, allowing it to be used by other applications. The UX won't be great, but would at least allow to manually fix the problem without having to disable/remove the App and therefore breaking any other functionality that depends on it.
Regards,
Maksim
On Tue, Jun 9, 2020 at 2:31 AM dragon788 <drag...@gmail.com> wrote:
I've been using the Smart Card Connector with Secure Shell for quite a while with my Yubikeys. With the USB device support landing I was going to use my Yubikey directly in Crostini for GPG encryption/decryption and signing in addition to using it for authentication (for SSH), but when I tried doing a `vmc usb-attach terminal 1:008` with my Yubikey plugged in I was getting a permission error but other devices worked fine. After a while (weeks later) it dawned on me that it might be the Smart Card Connector that also accesses the device, and after disabling the app I was able to successfully map the device in and use it exactly as I'd hoped. Is there a place to file bugs on the Connector being greedy and requiring exclusive access to the device even if Secure Shell doesn't have an open connection requesting it?
--
--
Chromium OS Developers mailing list: chromiu...@chromium.org
View archives, change email options, or unsubscribe:
https://groups.google.com/a/chromium.org/group/chromium-os-dev
dragon788
Jun 9, 2020, 1:37:15 AM6/9/20
to Chromium OS Development
Thank you very much for pointing me in the right direction. I know I've come across that repo before but I wasn't sure if the connector lived in the monorepo or separately.
I've created an issue/request and updated the existing crbug to let folks know there might be a short term workaround by disabling the extension.
https://bugs.chromium.org/p/chromium/issues/detail?id=1030778
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages