nhcarrigan/ephemere
9
0
Fork 0
generated from nhcarrigan/template
Code Issues Pull Requests Actions Releases Activity
Files
ae081cb54c4fa760a6740a790c0f2f433144536f
ephemere/bash/yubikey/fix-yubikey-perms.sh
T
hikari b0620f2af3 refactor: reorganise bash scripts into subdirectories and add bash runner support 
Move yubikey scripts from bash/ root into bash/yubikey/, move cohort shell
scripts from python/cohort/ into bash/cohort/, and update run.sh to support
Bash as a third language with category-based script discovery.
2026-02-23 20:00:44 -08:00

77 lines
2.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Colors for pretty output
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
echo -e "${YELLOW}🔧 Starting YubiKey WSL Repair...${NC}"
# 1. CHECK: Is the key actually attached?
if ! lsusb -d 1050: > /dev/null; then
echo -e "${RED}❌ Error: No YubiKey detected in Linux!${NC}"
echo " Please go to Windows PowerShell and run:"
echo " usbipd attach --wsl --busid <YOUR_ID>"
exit 1
fi
echo -e "${GREEN}✅ YubiKey Hardware detected.${NC}"
# 2. PERMISSIONS: The "Nuclear" Polkit Fix
# This forces the smart card service to accept connections even if WSL looks "inactive"
POLICY_FILE="/usr/share/polkit-1/actions/org.debian.pcsc-lite.policy"
if [ -f "$POLICY_FILE" ]; then
echo " Applying 'Nuclear' permission fix to PC/SC Policy..."
# Backup original if not exists
if [ ! -f "$POLICY_FILE.bak" ]; then
sudo cp "$POLICY_FILE" "$POLICY_FILE.bak"
fi
# Force permissions to 'yes'
sudo sed -i 's/<allow_any>.*<\/allow_any>/<allow_any>yes<\/allow_any>/' "$POLICY_FILE"
sudo sed -i 's/<allow_inactive>.*<\/allow_inactive>/<allow_inactive>yes<\/allow_inactive>/' "$POLICY_FILE"
sudo sed -i 's/<allow_active>.*<\/allow_active>/<allow_active>yes<\/allow_active>/' "$POLICY_FILE"
else
echo -e "${YELLOW}⚠️ Warning: Polkit policy file not found. Skipping nuclear fix.${NC}"
fi
# 3. GROUP: Ensure user is in plugdev
if ! groups $USER | grep -q "plugdev"; then
echo " Adding $USER to plugdev group..."
sudo usermod -aG plugdev $USER
fi
# 4. USB NODE: Force read/write permissions on the raw USB device
# This fixes the "Failed to connect" error from yubico-piv-tool
echo " Forcing permissions on USB device node..."
lsusb -d 1050: | while read -r line; do
BUS=$(echo "$line" | awk '{print $2}')
DEV=$(echo "$line" | awk '{print $4}' | tr -d :)
PATH="/dev/bus/usb/$BUS/$DEV"
echo " -> Unlocking $PATH"
sudo chmod 666 "$PATH"
done
# 5. SERVICES: Restart everything to pick up changes
echo " Restarting Smart Card Services..."
# Kill any stuck GPG agents that might hog the card
gpgconf --kill gpg-agent 2>/dev/null || true
# Restart the main daemon
sudo systemctl restart polkit
sudo systemctl restart pcscd
# 6. CONFIG CHECK: Warn if SSH config is bad
if grep -q "IdentityFile.*yubi" ~/.ssh/config; then
echo -e "${YELLOW}⚠️ WARNING: Found 'IdentityFile' pointing to a YubiKey in ~/.ssh/config!${NC}"
echo " You should remove that line so SSH doesn't throw 'libcrypto' errors."
fi
# 7. FINAL TEST
echo -e "${YELLOW}🔎 Verifying connection...${NC}"
if yubico-piv-tool -a status > /dev/null 2>&1; then
echo -e "${GREEN}🎉 SUCCESS! Your YubiKey is ready.${NC}"
yubico-piv-tool -a status | grep "Serial Number"
else
echo -e "${RED}❌ Status check failed.${NC}"
echo " Try running: yubico-piv-tool -a status"
fi
Reference in New Issue View Git Blame Copy Permalink