Can I use SQRL to login to my linux machine


RonHudson

New member
Feb 24, 2021
1
0
I would love to have my Linux machine display a QR code instead of prompting for a username and password. I would show that QR code to the SQRL client on my cell phone which would then assure my computer that it actually is me. My computer runs Linux (KDE Neon at the moment) but I would guess Windows users would like this too.
 

PHolder

Well-known member
May 19, 2018
1,225
205
In a word: no. In more words: Someone could probably create such an interface, but that fact that no one has implies it may not be the easiest challenge to tackle.
 

Dave

Well-known member
May 19, 2018
487
99
Gardner, MA
I would love to have my Linux machine display a QR code instead of prompting for a username and password. I would show that QR code to the SQRL client on my cell phone which would then assure my computer that it actually is me. My computer runs Linux (KDE Neon at the moment) but I would guess Windows users would like this too.
In a word: no. In more words: Someone could probably create such an interface, but that fact that no one has implies it may not be the easiest challenge to tackle.
@RonHudson,

@PHolder is, as usual, quite correct. The concepts behind SQRL could certainly be applied to something like system logins but, SQRL as designed and implemented today, is exclusively applicable in the web/http context.

At it's heart, SQRL is simply another challenge/response mechanism, of which, the login prompt is probably the simplest example but certainly not the most secure.
 

AlanD

Well-known member
May 20, 2018
128
23
Rutland, UK
In a word: no. In more words: Someone could probably create such an interface, but that fact that no one has implies it may not be the easiest challenge to tackle.
I raised this issue many years ago during the SQRL development. As far as I see it, it just needs someone to write a PAM module to handle SQRL which could then be integrated into any Linux Login process.

I am not aware that anyone has done so, and do not have the skills to do it myself.
 

Sithmagic

Well-known member
Oct 12, 2019
76
21
I would so like to get this done too, but it won't work for console access, but could work in conjunction with ssh. @Steve mentioned this in one of his videos on SQRL.
 

ramriot

Well-known member
May 24, 2018
131
15
Yes, SQRL currently being an HTTP only protocol could not work directly on machine authentication but there is the whole realm of SSO that can.

For example when my son's starts his school chromebook after authenticating locally he needs to authenticate to the schools SSO system to gain access to his school google apps account. This is achieved with a dynamically loaded embedded web page that currently accepts Email Address & Password. There is no reason said form could not have a SQRL link / QR code to achieve the same end.

For @RonHudson I would suggest to look up SSO solutions that utilise web embedding where authentication to a local LDAP server is via a master account server running SQRL inside say Drupal or Wordpress etc.
 

PHolder

Well-known member
May 19, 2018
1,225
205
I don't know enough about how the graphical login screen on Linux works. Presumably it has some level of trust elevation on the system and has the means to either run the authentication process (PBKDF2 or similar) and the invoke a "su user" if it believes the authentication was successful. It may, or may not, use PAM in the background for that. I presume a QR code based, and potential SQRL based, system could be introduced as a replacement graphical login. The issue would be integrating with a textual password process for those times when XWindows (or whatever is currently its replacement) fails to launch and text login is the only option.

Edit: This may be useful background. https://itsfoss.com/display-manager/
 
Last edited: