Is there a security risk with enabling autologin when you have disk encryption with LUKS enabled? If anyone gets hold of the PC, they have to enter the password needed for decrypting the disk.

  • @[email protected]
    link
    fedilink
    201 year ago

    I use autologin too with disk encryption and i don’t see an issue. If you have the encryption password nothing can stop you anyway. And if you put your computer in any sleep mode you have to login after waking up.

  • @[email protected]
    link
    fedilink
    51 year ago

    it’s fine, but I recommend only enabling autologin at boot so you can lock the screen without shutting down the entire PC

  • @FlexibleToast
    link
    41 year ago

    You could potentially do it even better the other way around. You can use clevis and tang to have network bound disk encryption setup. That way, anytime you’re connected to your network the disk auto decrypts. For laptops, I like to put a decryption key on a USB drive that auto decrypts the drive. Network bound disk encryption doesn’t work over wifi and this way I can still have it decrypt on the go but lock it by removing the USB key (like if you leave the laptop in the hotel room just take the USB out and keep it with you).

  • @[email protected]
    link
    fedilink
    2
    edit-2
    1 year ago

    I’m not familiar with the environment, but depending upon how locked-down the system is and what permissions the auto-logged-in user gets, an attacker could use the session to modify the environment to grab the LUKS password for later collection.

    • @[email protected]
      link
      fedilink
      English
      51 year ago

      I can’t speak for all methods but in the case of GNOME’s greeter, autologin doesn’t apply to remote sessions.

    • adzsxOP
      link
      fedilink
      Deutsch
      21 year ago

      You mean SSH? I have it blocked by a firewall. Or do you mean anything else I am unaware of?

  • @[email protected]
    link
    fedilink
    English
    11 year ago

    I’ve used this workflow for years and like you said, any attacker would have to know your LUKS passphrase or catch your desktop while the screen is unlocked.