Is login on Linux possible?

Hello,

is it possible to log in to Linux with the stick? The methods in the documentation no longer seem to work.


Hi!

What Linux distribution do you use?

Hi! I have the same question for Kubuntu 17.04. Can I use the stick to secure the user login?

Hello,

did you already try this documentation? https://www.nitrokey.com/documentation/applications#os:linux&a:computer-login

It works like a charm, although it seems a bit tricky at first.

So here is what you need:

  • You already generated and inserted keys to the stick.
  • Install the packages (apt-get update && apt-get install gnupg libpam-poldi libccid).
  • Add the serial of your key and your username to the file /etc/poldi/localdb/users
  • Add the public key to /etc/poldi/localdb/keys/<your serial>
  • Tell PAM to use poldi for login. You probably need to look at something like /etc/pam.d/kdm-* as you use Kubuntu.

This is just a short overview. Please look at the detailed instructions mentioned above. Please just tell me if you get stuck anywhere.

Kind regards
Alex

Hi @nitroalex

Do you know the command to get the public key instead of poldi-ctrl?
What is the format of the file /etc/poldi/localdb/keys/, to create it without poldi-ctrl?

Thank you

Hi humboldtux,

luckily yes :wink: I will change the instructions on the website as well.

As Debian maintainers decided to not include poldi-ctrl anymore, you can use gpg-connect-agent instead.

sudo sh -c 'gpg-connect-agent "/datafile /etc/poldi/localdb/keys/D00600012401020000000000xxxxxxxx" "SCD READKEY --advanced OPENPGP.3" /bye'

This should do the job. Please remember to replace the ‘xxxxxxx’ above with your card information. It may be necessary to disconnect and reconnect the stick first.

Kind regards
Alex
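
A pre-flight check for the setup steps and the gpg-connect-agent command above, added here as an example (it is not part of the thread or Nitrokey's own code): it verifies that every card listed in the users file has a non-empty public key file that only its owner can modify, so a failed READKEY is caught before PAM is changed. The "<serial> <username>" line format, the "(public-key" prefix and the function names are assumptions, and the serials are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed formats: each users line is
# "<card serial> <username>"; a key file written by READKEY --advanced is an
# S-expression that begins with "(public-key".

# Print one finding per problem in the poldi database DIR; return 1 if any.
check_poldi_localdb() {
    db=$1; bad=0
    if [ ! -r "$db/users" ]; then
        echo "cannot read $db/users"; return 1
    fi
    while read -r serial user rest; do
        case $serial in ''|'#'*) continue ;; esac    # blank line or comment
        key=$db/keys/$serial
        case $serial in *[!0-9A-Fa-f]*)
            echo "$serial: serial is not hexadecimal"; bad=1; continue ;;
        esac
        if [ "${#serial}" -ne 32 ]; then
            echo "$serial: serial is not 32 hex digits"; bad=1; continue
        fi
        if [ -z "$user" ]; then
            echo "$serial: no username mapped"; bad=1
        fi
        if [ ! -s "$key" ]; then
            echo "$serial: key file missing or empty (READKEY wrote nothing?)"; bad=1
        elif ! grep -q '^[[:space:]]*(public-key' "$key"; then
            echo "$serial: key file is not a public-key S-expression"; bad=1
        elif [ -n "$(find "$key" -prune \( -perm -020 -o -perm -002 \))" ]; then
            # whoever can rewrite this file decides which card logs in as $user
            echo "$serial: key file is group/world writable"; bad=1
        fi
    done < "$db/users"
    return "$bad"
}

# Constructed sample database (placeholder serials, no real key material).
make_sample_db() {
    d=$(mktemp -d) && mkdir "$d/keys" || return 1
    ok=D0060001240102000000000000000001
    empty=D0060001240102000000000000000002
    printf '%s alice\n%s bob\n' "$ok" "$empty" > "$d/users"
    printf '(public-key\n (rsa\n  (n #00C0FFEE#)\n  (e #010001#)))\n' > "$d/keys/$ok"
    : > "$d/keys/$empty"          # what a failed READKEY leaves behind
    chmod 644 "$d/keys/$ok" "$d/keys/$empty"
    echo "$d"
}

db=$(make_sample_db) && { check_poldi_localdb "$db" || echo "fix the above before editing /etc/pam.d"; }
rm -rf "$db"
```

On a real system the function would be pointed at /etc/poldi/localdb, with a root shell kept open while the PAM change is tested.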

Perfect, thank you, it is working under Debian 9.

Great! Thanks for your feedback!

I probably have a problem with PAM under Ubuntu 19.04 GNOME.
I created ECC keys with Nitrokey Start (good tutorial in German: https://www.kuketz-blog.de/gnupg-schluesselerstellung-und-smartcard-transfer-nitrokey-teil2/).
Following your documentation, I cannot log in without the user password.
I need two different configurations:
1: GNOME login with Nitrokey Start for a non-privileged user; no changes for the other users
2: Nitrokey Start usage for a privileged user, only for sudo escalation
Could you tell me what changes to make in which file, and especially at which position, for both cases?
The screenshot shows the files without changes made:

Hi!

I cannot help you unfortunately. Have you tried to ask the tutorial’s writer about this extra case?

Hi,

poldi does not include ECC support yet, as far as I can see. There is a patch, as mentioned here. But it does not seem to be merged into the code base yet.

Kind regards
Alex

@nitroalex you didn’t change the instructions on the website so far :wink:


Thanks for the reminder! I put in a small note that it is working with NK Start ECC keys when built from source.