In this tutorial, we will help you create secure way for logging in with the help of your USB stick to your session. Once setup, you will no longer use your user account name and password to log in, just insert your usb device and click Log In:

To do this, we will use PAMUSB which is a module for PAM (Pluggable Authentication Modules) that allows users to have authentication from a USB device. It is compatible with many display managers (LightDM, GDM, etc.).

Getting Started

Open the terminal and run this command to install required packages under Ubuntu 12.10/12.04/Linux Mint 13:

sudo apt-get install pamusb-tools libpam-usb

Connect your usb flash drive to your computer/laptop and run this command to add it to PAM (the usb device will be detected automatically):

sudo pamusb-conf --add-device usb-key-name

Replace usb-key-name with any name of your choice. You will be prompted to save your configuration to /etc/pamusb.conf, type Y and press Enter:

Let's now add your username to PAM so that it will be granted access to your desktop via the USB drive. To do this, run this command:

sudo pamusb-conf --add-user username

Replace username with your own user account name. Or run this command which will detect automatically your current username:

sudo pamusb-conf --add-user=$USER

Type again Y and press Enter to save:

Edit now this file to make sure PAM is using the pam_usb library:

sudo gedit /etc/pam.d/common-auth

For Linux Mint, replace gedit with pluma. These lines must be available in /etc/pam.d/common-auth:

auth sufficient      pam_usb.so 
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass

Save your file and close. Next, run this command to check if the username you have added is authenticated to login with the USB device:

su username

pamusb-check $USER

If everything goes well, you will get these outputs:

$ su upubuntu 
* pam_usb v0.5.0 
* Authentication request for user "upubuntu" (su) 
* Device "upubuntu-usb-key" is connected (good). 
* Performing one time pad verification... 
* Regenerating new pads... 
* Access granted.

You can now log in to your user session without submitting your password as along as the USB device is connected.

Post a Comment