Is there a security risk with enabling autologin when you have disk encryption with LUKS enabled? If anyone gets hold of the PC, they have to enter the password needed for decrypting the disk.
I use autologin too with disk encryption and i don’t see an issue. If you have the encryption password nothing can stop you anyway. And if you put your computer in any sleep mode you have to login after waking up.
it’s fine, but I recommend only enabling autologin at boot so you can lock the screen without shutting down the entire PC
You could potentially do it even better the other way around. You can use clevis and tang to have network bound disk encryption setup. That way, anytime you’re connected to your network the disk auto decrypts. For laptops, I like to put a decryption key on a USB drive that auto decrypts the drive. Network bound disk encryption doesn’t work over wifi and this way I can still have it decrypt on the go but lock it by removing the USB key (like if you leave the laptop in the hotel room just take the USB out and keep it with you).
Auto login works on remote sessions too though, right?
I can’t speak for all methods but in the case of GNOME’s greeter, autologin doesn’t apply to remote sessions.
You mean SSH? I have it blocked by a firewall. Or do you mean anything else I am unaware of?
I’m not familiar with the environment, but depending upon how locked-down the system is and what permissions the auto-logged-in user gets, an attacker could use the session to modify the environment to grab the LUKS password for later collection.
I’ve used this workflow for years and like you said, any attacker would have to know your LUKS passphrase or catch your desktop while the screen is unlocked.
