Nitrokey U2F - some way to configure? / FIDO U2F login to local account on QubesOS

Hi all,

I am unable to find documentation on how to configure the Nitrokey U2F outside of use with a browser.

My intention is to configure the Nitrokey U2F’s challenge-response mode, similar to how one can use Yubico’s personalization GUI.

I am trying to use the Nitrokey U2F rather than Yubikey U2F for this set-up (U2F login into OS): https://www.qubes-os.org/doc/yubi-key/#challenge-response-mode

any guidance or help appreciated - thanks and keep up the good work!

Hi @michael!

Sorry for delay. Unfortunately Nitrokey U2F does not support challenge-response mode (which needs HMAC-SHA1 implementation). This is not a part of FIDO U2F standard, but rather more like HOTP/TOTP, but with own challenge.

There is surely a possibility to log in to the OS via the pam_u2f module. I do not know though is it available for QubesOS. See following for details:

1 Like

thanks for the response! it looks like there are some PAM-based ways of implementing this functionality in Qubes OS:

I’ll explore this strategy, thanks for the guidance.

1 Like