Hardware authentication for Linux using ordinary USB Flash Drives.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Pekka Helenius 00eb18a9cb Agent: fix device check loop 1 year ago
arch_linux Update Arch Linux PKGBUILD 1 year ago
doc Update docs (agent command section) 1 year ago
src Comment un-used variable tty 1 year ago
tools Agent: fix device check loop 1 year ago
utils Removed deprecated scripts 10 years ago
.gitignore Added .gitignore 10 years ago
COPYING Updated Free Software Foundation address in license notes 5 years ago
ChangeLog Updated ChangeLog 10 years ago
Makefile Update Makefile 5 years ago
README.md README: Fix wiki links 1 year ago



pam_usb provides hardware authentication for Linux using ordinary USB Flash Drives.

It works with any application supporting PAM, such as su and login managers (GDM, KDM).


  • Password-less authentication. Use your USB stick for authentication, don't type passwords anymore.
  • Device auto probing. You don't need to mount the device, or even to configure the device location (sda1, sdb1, etc). pam_usb.so will automatically locate the device using UDisks and access its data by itself.
  • Two-factor authentication. Achieve greater security by requiring both the USB stick and the password to authenticate the user.
  • Non-intrusive. pam_usb doesn't require any modifications of the USB storage device to work (no additional partitions required).
  • USB Serial number, model and vendor verification.
  • Support for One Time Pads authentication.
  • You can use the same device across multiple machines.
  • Support for all kind of removable devices (SD, MMC, etc).


  • pamusb-agent: trigger actions (such as locking the screen) upon device authentication and removal.
  • pamusb-conf: configuration helper.
  • pamusb-check: integrate pam_usb's authentication engine within your scripts or applications.

Getting Started