Linux

47231 readers

756 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

Autologin with disk encryption (infosec.pub)

submitted 11 months ago by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

Is there a security risk with enabling autologin when you have disk encryption with LUKS enabled? If anyone gets hold of the PC, they have to enter the password needed for decrypting the disk.

top 8 comments

sorted by: hot top controversial new old

[–] [email protected] 20 points 11 months ago

I use autologin too with disk encryption and i don't see an issue. If you have the encryption password nothing can stop you anyway. And if you put your computer in any sleep mode you have to login after waking up.

[–] [email protected] 5 points 11 months ago

it's fine, but I recommend only enabling autologin at boot so you can lock the screen without shutting down the entire PC

[–] [email protected] 4 points 11 months ago

You could potentially do it even better the other way around. You can use clevis and tang to have network bound disk encryption setup. That way, anytime you're connected to your network the disk auto decrypts. For laptops, I like to put a decryption key on a USB drive that auto decrypts the drive. Network bound disk encryption doesn't work over wifi and this way I can still have it decrypt on the go but lock it by removing the USB key (like if you leave the laptop in the hotel room just take the USB out and keep it with you).

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

I'm not familiar with the environment, but depending upon how locked-down the system is and what permissions the auto-logged-in user gets, an attacker could use the session to modify the environment to grab the LUKS password for later collection.

[–] [email protected] 1 points 11 months ago

I've used this workflow for years and like you said, any attacker would have to know your LUKS passphrase or catch your desktop while the screen is unlocked.

[–] [email protected] 1 points 11 months ago (2 children)

Auto login works on remote sessions too though, right?

[–] [email protected] 5 points 11 months ago

I can't speak for all methods but in the case of GNOME's greeter, autologin doesn't apply to remote sessions.

[–] [email protected] 2 points 11 months ago

You mean SSH? I have it blocked by a firewall. Or do you mean anything else I am unaware of?