Lock Sesi Linux Ketika Yubikey Dicabut
Posted on
Aku ingin ketika Yubikey dicabut maka sesi langsung terkunci. Di distribusi linux yang aku pakai, PopOS!, caranya cukup mudah.
Pertama, aku tancapkan Yubikey. Kedua, aku run command
udevadm monitor --property
Ketiga, aku cabut Yubikey. Sehingga akan muncul output
...
...
UDEV [791.393502] remove /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3.3 (usb)
ACTION=remove
DEVPATH=/devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3.3
SUBSYSTEM=usb
DEVNAME=/dev/bus/usb/001/010
DEVTYPE=usb_device
PRODUCT=1050/407/543
TYPE=0/0/0
BUSNUM=001
DEVNUM=010
SEQNUM=6408
USEC_INITIALIZED=773477778
ID_PATH=pci-0000:00:14.0-usb-0:3.3
ID_PATH_TAG=pci-0000_00_14_0-usb-0_3_3
ID_FOR_SEAT=usb-pci-0000_00_14_0-usb-0_3_3
MAJOR=189
MINOR=9
TAGS=:security-device:seat:uaccess:systemd:
CURRENT_TAGS=:seat:
Keempat, aku catat SUBSYSTEM=usb
, DEVTYPE=usb_device
, PRODUCT=1050/407/543
.
Kelima, aku bikin file /etc/udev/rules.d/85-yubikey-screen-lock.rules
yang isinya
ACTION=="remove", ENV{DEVTYPE}=="usb_device", ENV{SUBSYSTEM}=="usb", ENV{PRODUCT}=="1050/407/*", RUN+="/usr/bin/loginctl lock-sessions"
Keenam, aku reload udevadm
udevadm control --reload-rules && udevadm trigger
Terakhir, test. Pasang Yubikey, kemudian cabut Yubikey maka sesi akan terkunci.