Did you ever dream of log in with a pendrive on Linux? Are you sick of type your username and the blessed password every time you start the system, but do not dare to remove that protection for fear of intruders? Well, here is a fairly novel and safe method to leave your "windolero" friends speechless. |
sudo apt-get install libpam-usb pamusb-tools
Add your pendrive as an authentication token:
Connect the pendrive to the USB port and run:
sudo pamusb-conf --add-device keyusb
Where usbkey is an identifying name for the token, but it can be any other.
I added users to pam-usb:
It is very easy to add users as you can see in the following example in which we will add to Earendil to authenticate with pam-usb:
sudo pamusb-conf --add-user earendil
Test if authentication works:
With the pendrive connected, replacing earendil with the username you have chosen:
sudo pamusb-check earendil
If it says: access granted it's because everything is going smoothly.
Pam-usb as login system:
Edit the file /etc/pam.d/common-auth and I added the following line at the beginning:
auth sufficient pam_usb.so
To do all this, you can use any pendrive without undergoing any modification, since the pam looks at the data of the hardware device, such as the manufacturer, uuid and serial number. The interesting thing is that even if we made a complete copy of the device, for example with dd, we would not obtain a correct key for the configured token.
Finally, it is worth mentioning that pamusb allows the automatic execution of commands when connecting the pendrive, so we could create a system to make backup copies when connecting the usb key, or a transfer system and many other things, but this I already leave. for you to investigate.
And if the Usb is lost?
I guess you log in like you normally do ...
I already did all the steps and everything is correct, but how do I test it, where do I put the user that I create and test the usb? because when I turn on the machine again it does not come out to enter with that user