{"id":117,"date":"2005-04-15T05:22:38","date_gmt":"2005-04-15T02:22:38","guid":{"rendered":"https:\/\/void.gr\/kargig\/blog\/?p=117"},"modified":"2005-04-15T05:38:36","modified_gmt":"2005-04-15T02:38:36","slug":"using-a-usb-stick-to-login-to-gentoo","status":"publish","type":"post","link":"https:\/\/www.void.gr\/kargig\/blog\/2005\/04\/15\/using-a-usb-stick-to-login-to-gentoo\/","title":{"rendered":"Using a usb stick to login to gentoo Linux"},"content":{"rendered":"<p>It was kinda late, and I wanted to do something tonight&#8230;something interesting. I was looking at my usb key when I had this flash&#8230;&#8221;Could I use my usb key to login to my pc with a certain account ?&#8221;.<br \/>\nGoogling &#8230; googling&#8230; I need a PAM module to do it. eix time now!<br \/>\n<code>#eix pam usb<br \/>\n* sys-libs\/pam_usb<br \/>\n     Available versions:  0.3.1 0.3.2<br \/>\n     Homepage:            http:\/\/www.pamusb.org\/<br \/>\n     Description:         A PAM module that enables authentication using an USB-Storage device (such as an USB Pen) through DSA private\/public keys.<br \/>\n<\/code><\/p>\n<p>Bingo!<\/p>\n<p>I emerged it and edited \/etc\/pam.d\/system-auth and \/etc\/pam.d\/login<br \/>\nIn the very first line of the files I added:<br \/>\n<code> auth       sufficient   \/lib\/security\/pam_usb.so !check_device allow_remote=1 force_device=\/dev\/sda1 fs=vfat debug=1 log_file=\/var\/log\/pam_usb.log<br \/>\n<\/code><\/p>\n<p>Then I just did:<br \/>\n<code>usbadm keygen \/mnt\/usb1 root 4096<\/code><br \/>\nas the great <a href=\"http:\/\/pamusb.org\/quickstart.html\">quickstart<\/a> of <a href=\"http:\/\/pamusb.org\/\">pam_usb<\/a> describes and I am set!<\/p>\n<p>just a test then&#8230;:<br \/>\n<code>$ su<br \/>\n#<br \/>\n<\/code><br \/>\nDamn! I liked that!<\/p>\n<p>and you can check the debug log too:<br \/>\n<code>[device.c:371] Forcing device \/dev\/sda1<br \/>\n[device.c:346] Creating temporary mount point...<br \/>\n[device.c:354] Scheduling [\/tmp\/pam_usbI7wL6Z] for dropping<br \/>\n[device.c:358] Using \/tmp\/pam_usbI7wL6Z as mount point<br \/>\n[device.c:237] Trying to mount \/dev\/sda1 on \/tmp\/pam_usbI7wL6Z using vfat<br \/>\n[device.c:253] Device mounted, trying to open private key<br \/>\n[device.c:181] Opening \/tmp\/pam_usbI7wL6Z\/.auth\/root.XXXXXX<br \/>\n[device.c:261] Private key opened<br \/>\n[auth.c:207] Private key imported<br \/>\n[auth.c:218] Public key imported<br \/>\n[device.c:455] Dropping [\/tmp\/pam_usbI7wL6Z]<br \/>\n[dsa.c:77] Checking DSA key pair...<br \/>\n[dsa.c:87] Signing pseudo random data [1 time(s)]...<br \/>\n[dsa.c:94] Valid signature<br \/>\n[dsa.c:87] Signing pseudo random data [2 time(s)]...<br \/>\n[dsa.c:94] Valid signature<br \/>\n[dsa.c:87] Signing pseudo random data [3 time(s)]...<br \/>\n[dsa.c:94] Valid signature<br \/>\n[pam.c:207] Access granted<br \/>\n<\/code><\/p>\n<p>What about if I remove the usb key ?<br \/>\n<code><br \/>\n$ su<br \/>\nPassword:<br \/>\nsu: Authentication failure<br \/>\nSorry.<br \/>\n$<br \/>\n<\/code><\/p>\n<p>and the debug log:<br \/>\n<code><br \/>\n[device.c:371] Forcing device \/dev\/sda1<br \/>\n[device.c:346] Creating temporary mount point...<br \/>\n[device.c:354] Scheduling [\/tmp\/pam_usbTMRHEZ] for dropping<br \/>\n[device.c:358] Using \/tmp\/pam_usbTMRHEZ as mount point<br \/>\n[device.c:237] Trying to mount \/dev\/sda1 on \/tmp\/pam_usbTMRHEZ using vfat<br \/>\n[device.c:242] mount failed: No such file or directory<br \/>\n[device.c:249] Unable to mount \/dev\/sda1, tried with 1 fs<br \/>\n[device.c:376] Device forcing failed, back to guess mode<br \/>\n[device.c:419] Cannot find any device<br \/>\n[device.c:455] Dropping [\/tmp\/pam_usbTMRHEZ]<br \/>\n[auth.c:186] Invalid device<br \/>\n[pam.c:203] Cannot authenticate user \"root\"<br \/>\n<\/code><\/p>\n<p>I really liked that today&#8230;felt like Mission Impossible..yeah \ud83d\ude1b<br \/>\nI wonder if I could make that work with xscreensaver too&#8230;would be pretty cool, wouldn&#8217;t it ?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It was kinda late, and I wanted to do something tonight&#8230;something interesting. I was looking at my usb key when I had this flash&#8230;&#8221;Could I use my usb key to login to my pc with a certain account ?&#8221;. Googling &#8230; googling&#8230; I need a PAM module to do it. eix time now! #eix pam [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[1,3],"tags":[],"class_list":["post-117","post","type-post","status-publish","format-standard","hentry","category-general","category-linux"],"aioseo_notices":[],"views":11435,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=117"}],"version-history":[{"count":0,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/117\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}