I'll touch on `pam_usb` configuration here real quick, because this one is cool AF. I love the idea of having a little token/key that you authenticate with.
The end goal of ALL of these articles is to use such a device not just to auth the user but also to decrypt the root partition.
However, this article just outlines user auth.
The currently active repository is here.
https://github.com/mcdope/pam_usb
From the installation guide on GitHub: "There is an APT repository with prebuilt deb packages available. You can find it at [https://apt.mcdope.org/](https://apt.mcdope.org/)."
This is the process for a Debian-based system. Arch has a robust article for its own system that I used to use. https://wiki.archlinux.org/title/Pam_usb
## Configure the APT Repository
Import the GPG key:
```bash
sudo gpg --no-default-keyring \
--keyring /usr/share/keyrings/apt.mcdope.org.gpg \
--keyserver keyserver.ubuntu.com \
--recv-keys 913558C8A5E552A7
```
Add the following line to `/etc/apt/sources.list` (it must be a single line):
```
deb [signed-by=/usr/share/keyrings/apt.mcdope.org.gpg] https://apt.mcdope.org/ ./
```
Run:
```bash
# Refresh the package index so the new repository is picked up
sudo apt update
sudo apt install libpam-usb
```
## USB Configuration
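These steps follow the project's Getting Started wiki: https://github.com/mcdope/pam_usb/wiki/Getting-Started#setting-up-devices-and-users
You will first add a device (plug it in first) with:
```bash
# <device-name> is a placeholder: any label you want for this USB device
sudo pamusb-conf --add-device <device-name>
```
Then configure that device with a user:
```bash
# <username> is a placeholder: the account that will log in with the device
sudo pamusb-conf --add-user <username>
```
Then check it with:
```bash
# Simulates an authentication attempt for that user
pamusb-check <username>
```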
## PAM Configuration
This SHOULD have done the following for you, but let's check anyway.
In `/etc/pam.d/common-auth`, check for the following configuration lines:
```bash
auth sufficient pam_usb.so
auth [success=1 default=ignore] pam_unix.so nullok try_first_pass
```
The line containing `pam_unix.so` is the default; the line containing `pam_usb.so` has been added above it. If the `pam_usb.so` line is not there, please add it.
You MAY have to reboot for this to take effect.
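One way to script that check, as an added example (not code from the pam_usb project): `check_pam_usb` is a hypothetical helper name, and the sample file is constructed. It reports whether an active `auth` rule loads `pam_usb.so` above `pam_unix.so` and which control flag it uses, which matters because with `sufficient` a successful USB check alone authenticates the user.

```bash
#!/bin/sh
# check_pam_usb FILE   (hypothetical helper, not part of pam_usb)
# Prints one of:
#   ok:<control>  an active auth rule loads pam_usb.so above pam_unix.so
#   missing       no active auth rule loads pam_usb.so
#   misordered    pam_usb.so only appears below pam_unix.so
# Returns 0 only in the ok case.
check_pam_usb() {
    awk '
        # Only active rules of the auth stack count; commented-out
        # rules have "#" or "#auth" as first field and are skipped too.
        $1 != "auth" { next }
        /pam_usb\.so/  && !usbline  { usbline = NR; control = $2 }
        /pam_unix\.so/ && !unixline { unixline = NR }
        END {
            if (!usbline)                       { print "missing";    exit 1 }
            if (unixline && usbline > unixline) { print "misordered"; exit 1 }
            print "ok:" control
        }
    ' "$1"
}

# Constructed sample holding the two lines shown above.
sample=$(mktemp)
printf '%s\n' \
    'auth sufficient pam_usb.so' \
    'auth [success=1 default=ignore] pam_unix.so nullok try_first_pass' > "$sample"
check_pam_usb "$sample"
rm -f "$sample"

# On the real system: check_pam_usb /etc/pam.d/common-auth
```
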