this post was submitted on 14 Oct 2023
31 points (100.0% liked)

Linux

48239 readers
687 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Is there a security risk with enabling autologin when you have disk encryption with LUKS enabled? If anyone gets hold of the PC, they have to enter the password needed for decrypting the disk.

top 8 comments
sorted by: hot top controversial new old
[–] GodIsNull@feddit.de 20 points 1 year ago

I use autologin too with disk encryption and i don't see an issue. If you have the encryption password nothing can stop you anyway. And if you put your computer in any sleep mode you have to login after waking up.

[–] chayleaf@lemmy.ml 5 points 1 year ago

it's fine, but I recommend only enabling autologin at boot so you can lock the screen without shutting down the entire PC

[–] FlexibleToast@lemmy.world 4 points 1 year ago

You could potentially do it even better the other way around. You can use clevis and tang to have network bound disk encryption setup. That way, anytime you're connected to your network the disk auto decrypts. For laptops, I like to put a decryption key on a USB drive that auto decrypts the drive. Network bound disk encryption doesn't work over wifi and this way I can still have it decrypt on the go but lock it by removing the USB key (like if you leave the laptop in the hotel room just take the USB out and keep it with you).

[–] tal 2 points 1 year ago* (last edited 1 year ago)

I'm not familiar with the environment, but depending upon how locked-down the system is and what permissions the auto-logged-in user gets, an attacker could use the session to modify the environment to grab the LUKS password for later collection.

[–] andruid@lemmy.ml 2 points 1 year ago (2 children)

Auto login works on remote sessions too though, right?

[–] thayer@lemmy.ca 6 points 1 year ago

I can't speak for all methods but in the case of GNOME's greeter, autologin doesn't apply to remote sessions.

[–] adzsx@infosec.pub 2 points 1 year ago

You mean SSH? I have it blocked by a firewall. Or do you mean anything else I am unaware of?

[–] thayer@lemmy.ca 2 points 1 year ago

I've used this workflow for years and like you said, any attacker would have to know your LUKS passphrase or catch your desktop while the screen is unlocked.