Login auf Linux möglich?


ist es möglich sich mit dem Stick auf Linux anzumelden? Die Methoden in der Doku scheinen ja nicht mehr zu funktionieren.



What Linux distribution do you use?

Hi! I have the same question for Kubuntu 17.04. Can I use the stick to secure the user login?


did you already try this documentation? https://www.nitrokey.com/documentation/applications#os:linux&a:computer-login

It works like a charme. Although it seems a bit tricky first.

So here is what you need:

  • You already generated and inserted keys to the stick.
  • Install the packages (apt-get update && apt-get install gnupg libpam-poldi libccid).
  • Add the serial of your key and your username to the file /etc/poldi/localdb/users
  • Add the public key to /etc/poldi/localdb/keys/<your serial>
  • Tell Pam to use poldi for login. You must probably look at someting like /etc/pam.d/kdm-* as you use Kubuntu.

This is just a short overview. Please look at the detailed instructions mentioned above. Please just tell me, if you stuck anywhere.

Kind regards

Hi @nitroalex

Do you know the command to get the public key instead of poldi-ctrl?
What the format of the file /etc/poldi/localdb/keys/, to create it without poldi-ctrl?

Thank you

Hi humboldtux,

luckily yes :wink: I will change the instructions on the website as well.

As Debian maintainers decided to not include poldi-ctrl anymore, you can use gpg-connect-agent instead.

sudo sh -c 'gpg-connect-agent "/datafile /etc/poldi/localdb/keys/D00600012401020000000000xxxxxxxx" "SCD READKEY --advanced OPENPGP.3" /bye'

This should do the job. Please remember to change the ‘xxxxxxx’ above with your card information. It is may needed to disconnect and connect the stick again at first.

Kind regards

Perfect thank you, it is working under Debian 9.

Great! Thanks for your feedback!

I probably have a problem with pam under ubuntu 19.04 gnome
I created ECC keys with Nitrokey Start (good tutorial in german: https://www.kuketz-blog.de/gnupg-schluesselerstellung-und-smartcard-transfer-nitrokey-teil2/)
following your documentation I cannot login without user password.
I need two different configurations:
1: Gnome login with nitrokey start for a non-privileged user; no changes for the other users
2: nitrokey start usage for a priviledged user only for sudo escalation
Could you tell me what changes to make in which file and especially at which position for both cases?
the screenshot

show the files without changes made:


I cannot help you unfortunately. Have you tried to ask the tutorial’s writer about this extra case?


poldi does not include ecc support yet, as far as I can see. There is a patch, as mentioned here. But it does not seem to be merged into the code base yet.

Kind regards

@nitroalex you didn’t change the instructions on the website so far :wink:

1 Like

Thanks for the reminder! I put in a small note that it is working with NK Start ECC keys when build from source.