Unlock screen in 14.04 without `gnome-screensaver-command`
Solution 1
This worked for me:
On the command line:
gsettings set org.gnome.desktop.a11y.applications screen-keyboard-enabled true
The on-screen keyboard appears when you first sign-in but you can close it.
After this gnome-screensaver-command -d
works.
Taken from benshayden on https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1307163
Solution 2
There is no way of doing this unfortunately :(
Update - I have found a way. Check out my newer answer
This is my previous solution - It is unadvisable to use, it is not unlockable if you lose your phone; you have to restart to unlock it
I eventually came up with a solution - don't lock it in the first place. This may sound odd - bear with.
Instead of locking it, I disabled the Mouse and Keyboard, hid all desktop icons and then switched to the desktop. You could possibly hide more stuff (like the launcher) but I have that hidden anyway.
This command requires a bit of setup.
Install : xdotool - sudo apt-get install xdotool
Enter: xinput --list
and note down your mouse and keyboard ids.
I would suggest editing these commands in gedit
This one acts as the locker.
xinput set-prop <Keyboard ID> 'Device Enabled' 0 && xinput set-prop <Mouse ID> 'Device Enabled' 0 && gsettings set org.gnome.desktop.background show-desktop-icons false && wmctrl -k on
This acts as the unlock.
xinput set-prop <Keyboard ID> 'Device Enabled' 1 && xinput set-prop <Mouse ID> 'Device Enabled' 1 && gsettings set org.gnome.desktop.background show-desktop-icons true && wmctrl -k off
Change the and to their respective numbers, in both commands.
In order this:
- Disables / Enables the Keyboard
- Disables / Enables the Mouse
- Hides / Shows all your desktop icons
- Toggles showing your desktop.
One important thing to bear in mind - this can't be undone without your bluetooth device. If for some reason it fails, you have to restart. Because of that, it might be advisable to leave the keyboard enabled, and set up the unlock command to a chosen shortcut.
Solution 3
So, I figured the "best" way to do this (apocryphal, since we're still storing a password and faking typing it into a thing) would be to, as I commented above, encrypt the password to the entry USB key. It's a little messy of a script, so I'll explain what's going on.
The devices for the current user are enumerated by looking through /etc/pamusb.conf with xpath; each one is then mated with its UUID using xpath, and the UUID mapped to a device using blkid.
You have the choice to lock, unlock show device, or set up your key. When you run setup, it'll create ~/.ssh/pamusb_rsa if it doesn't exist. You'll then be asked to pick a device (or not, if there's only one), and to enter your password. Your PW will be stored, encrypted, in {device}/.pamusb/.auth.
When you run unlock, the devices are enumerated again, and checked one by one for a /.pamusb/.auth file. When one's spotted, decryption will be attempted and, if successful, will be used to type your password into whatever happens to be accepting text at the moment. It will only permit run when the session is locked, so hopefully, this isn't going to expose you too bad.
I named this ~/.bin/unity-lock-control (~/.bin is on my path), and have "unity-lock-control lock" and "unity-lock-control unlock" as my agents in pam.conf.
#!/bin/bash
PAM_KEY=${HOME}/.ssh/pamusb_rsa
devices() {
local NAMES NAME UUID DEV
NAMES=$(xmllint /etc/pamusb.conf --xpath '//user[@id="'$USER'"]/device')
NAMES=${NAMES//"<device>"/""}
NAMES=${NAMES//'</device>'/' '}
for NAME in $NAMES; do
UUID=$(xmllint /etc/pamusb.conf --xpath '//device[@id="'$NAME'"]/volume_uuid/text()')
DEV=$(blkid -U $UUID)
if [[ -n $DEV ]]; then
echo ${NAME}:${UUID}:${DEV}
fi
done
}
locked() {
LS=$(ps -A -o cmd | grep 'unity-panel-service --lockscreen-mode' | grep -v grep)
if [[ -z $LS ]]; then
return -1
else
return 0
fi
}
mounted() {
MOUNTED=$(grep $1 /proc/mounts)
if [[ -z $MOUNTED ]]; then
return -1
fi
return 0
}
mount_point() {
cat /proc/mounts | grep $1 | cut -d \ -f 2
}
case "$1" in
devices)
devices
exit 0
;;
lock)
setsid paplay /usr/share/sounds/ubuntu/stereo/service-logout.ogg &
setsid gnome-screensaver-command -l &
sleep 1
exit
;;
unlock)
if ! locked; then
echo "Screen is not locked" >&2
exit 1
fi
if [[ ! -f $PAM_KEY ]]; then
echo "${PAM_KEY} does not exist; please run $0 setup." >&2
exit 1
fi
DEVICES=$(devices)
for device in $DEVICES; do
NAME=$(echo $device | cut -d : -f 1)
UUID=$(echo $device | cut -d : -f 2)
DEV=$(echo $device | cut -d : -f 3)
mounted $DEV
MOUNTED=$?
if [[ $MOUNTED -ne 0 ]]; then
udisksctl mount -b $DEV
fi
AUTH_FILE=$(mount_point $DEV)/.pamusb/.auth
if [[ -f $AUTH_FILE ]]; then
PASS=$(openssl rsautl -decrypt -inkey $PAM_KEY -in $AUTH_FILE)
fi
if [[ $MOUNTED -ne 0 ]]; then
udisksctl unmount -b $DEV
fi
if [[ -n $PASS ]]; then
xdotool type --delay 0 "${PASS}"
xdotool key Return
sleep 1
if locked; then
setsid paplay /usr/share/sounds/ubuntu/stereo/service-login.ogg &
else
setsid paplay /usr/share/sounds/ubuntu/stereo/dialog-warning.ogg &
fi
exit 0
fi
done
echo "Did not find unlock key" >&2
exit 1
;;
setup)
echo "This will set up an OpenSSL key, and encrypt your password to be stored"
echo "on a pamusb authenticator."
echo "-----"
if [[ ! -d ${HOME}/.ecryptfs || ! -d ${HOME}/.Private ]]; then
echo "Warning: Home folder is NOT encrypted" >&2
read -p "Continue (y/N):" conf
if [[ -z $conf ]]; then exit 1; fi
if [[ $conf == "n" || $conf == "N" ]]; then exit 1; fi
fi
mkdir -p $(dirname $PAM_KEY)
if [[ ! -f $PAM_KEY ]]; then
openssl genrsa -out $PAM_KEY 1024
fi
DEVICES=$(devices)
if [[ "${#DEVICES[@]}" -eq 1 ]]; then
device="${DEVICES[0]}"
else
echo "Please select the device you would like to contain your encrypted password"
for i in "${!DEVICES[@]}"; do
echo "$i: ${DEVICES[$i]}"
done
read selection
device="${DEVICES[$selection]}"
fi
NAME=$(echo $device | cut -d : -f 1)
UUID=$(echo $device | cut -d : -f 2)
DEV=$(echo $device | cut -d : -f 3)
mounted $DEV
MOUNTED=$?
if [[ $MOUNTED -ne 0 ]]; then
echo "${NAME} is not mounted; attempting mount"
udisksctl mount -b $DEV
fi
AUTH_FILE=$(mount_point $DEV)/.pamusb/.auth
if [[ -f $AUTH_FILE ]]; then
echo "Storing encrypted password to ${DEVICES[0]}"
read -sp "Please enter your UNIX password:" PASS
echo ""
echo $PASS | openssl rsautl -encrypt -inkey $PAM_KEY -out $AUTH_FILE
fi
if [[ $MOUNTED -ne 0 ]]; then
echo "${NAME} was not mounted; unmounting"
udisksctl unmount -b $DEV
fi
exit 0
;;
*)
echo "Control for lock screen"
echo $0 '{start|stop|devices|setup}'
exit 1
;;
esac
Related videos on Youtube
d_inevitable
Updated on September 18, 2022Comments
-
d_inevitable over 1 year
I've been happily using blueproximity in 13.10, but since upgrade to 14.04 it only locks when my phone goes out of range (using
gnome-screensaver-command -l
), but it does not unlock withgnome-screensaver-command -d
.Now the reason that
gnome-screensaver-command -d
doesn't work is because of a bug.However on that bug report it is mentioned that the gnome-screensaver is no longer used in trusty and therefore the
gnome-screensaver-command
is expected to be phased out, which could also be related to why the command doesn't work.So my question is, if the gnome-screensaver is replaced, then what would be the new command to unlock the screen without relying on
gnome-screensaver-command
?-
d_inevitable almost 10 years@Braiam This question is specific to 14.04 and later. Why did you remove the tag? There is no reason why to avoid using
gnome-screensaver-command
in earlier versions! -
Braiam almost 10 yearsYourself answered: 14.04 and later. 14.04 should be used only if that's the only version affected, which is not true since 14.10 has it. BTW, do not ask about bugs.
-
d_inevitable almost 10 years@Braiam 1. I do not know about later!! How can I? There is no later version yet. As of now it is only 14.04. And I did not ask about bugs. So if you don't mind, I will revert your edit.
-
Braiam almost 10 yearsSeriously? cdimage.ubuntu.com/daily-live/current try it out.
-
d_inevitable almost 10 years@Braiam that is not a release.
-
Braiam almost 10 yearsbut it is still a bug. bugs.launchpad.net/ubuntu/+source/blueproximity/+bug/1307163
-
d_inevitable almost 10 years@Braiam, perhaps you should read my question again. I am not asking about the bug being fixed. I am asking for an alternative tool while pointing out that this one is not working due to a known bug.
-
Braiam almost 10 yearsYou are looking for an alternative method to workaround the bug. Bugity bug. You are looking for a fix to the bug netheless. I'm trying to hack together a dbus method to unlock/lock the screen that that script can use and solve the bug.
-
d_inevitable almost 10 years@Braiam, I understand that this is not a place to submit bug reports and how to circumvent bugs. There is another place for bug reports. But my post here would be very inappropriate in that bug report. So if this is not the correct place to figure out a working way to lock and then unlock ubuntu in 14.04, then what is? Anyway thx for the link. I will check it out.
-
-
d_inevitable about 10 yearsHey nice idea! Would it be possible to change such that any keyboard input will lock the screen instead (giving a chance of unlocking it without the bluetooth device) instead of ignoring all keyboard input?
-
Tim about 10 yearsThat's even better! I was just about to post another idea, but I'll get working on that!
-
Tim about 10 years@d_inevitable Have a look at my new answer, it is neater (especially the 2nd method). I'm pretty sure it works.
-
d_inevitable almost 10 yearsHey, this look pretty good, but unfortunately storing password in clean text is not option. Its almost as bad a running everything in root as my user is on the sudoers list. But I think a combination of your two answers would work. I will try something out as soon as i can. Basically dim the screen until the mouse moves, a key is pressed or the bluetooth device comes back in range. If mouse moves or key is pressed, switch the screen back on and run
gnome-screensaver-command -l
so that a password can be entered while the bluetooth device is absent. I think it should be doable. -
Tim almost 10 yearsI did quickly look at the 'mouse move' option... I was thinking that xev might be able to do that?you could set it up that the mouse moves over the xev window, and if the output changes, you know something has happened.
-
Wouter van Vliet almost 10 yearsAgree, storing password in plain text is pretty bad. Having your homedir encrypted - as I think is the default now in Ubuntu - would make it a bit less bad though. I've played a bit around with it, and actually find solution #1 far easier, and don't really consider it all that hackish. Made a small change though. Instead of the mousemove, I put in
gnome-screensaver -d
as that still wakes up the screen and enables me to have a much shortersleep
(I got it set now to 0.1, but wonder if it's needed at all) -
Patrick Cornelissen almost 9 yearsThis should be much higher rated than the other answers. You should not put your password in these scripts, this is really bad!