SysRq Authentication

TL;DR

This guide shows you how to use the SysRq key for emergency authentication on Linux systems. It’s a last-resort method when standard login isn’t possible, but requires careful setup and understanding of security implications.

Prerequisites

  • A Linux system (tested on Ubuntu 22.04).
  • Root access or sudo privileges.
  • Basic familiarity with the command line.

Steps

  1. Enable SysRq

    First, check if SysRq is enabled. Run:

    cat /proc/sys/kernel/sysrq

    If the output is 0, it’s disabled. To enable it temporarily (until next reboot), use:

    sudo sysctl -w kernel.sysrq=1

    To make it permanent, edit /etc/sysctl.conf and add or modify the line to read:

    kernel.sysrq = 1

    Then run sudo sysctl -p to apply the changes.

  2. Configure a SysRq Trigger

    Choose a key combination that won’t interfere with normal operation (e.g., Alt+SysRq). This guide assumes you will use this combination.

  3. Create an Authentication Script

    This script will be executed when the SysRq trigger is pressed. Create a new file, for example /usr/local/bin/sysrq_auth.sh with the following content:

    #!/bin/bash
    # This script runs on SysRq keypress.
    
    # Replace 'your_password' with a strong password.
    PASSWORD="your_password"
    
    # Log lines are appended (>>) so earlier attempts are kept for review.
    if [[ "$UID" -eq 0 ]]; then
      echo "SysRq authentication attempted as root. Password required." >> /var/log/sysrq_auth.log
      # -s keeps the typed password off the screen.
      read -s -p "Enter password: " INPUT_PASS
      echo >> /var/log/sysrq_auth.log
    
      if [[ "$INPUT_PASS" == "$PASSWORD" ]]; then
        echo "Authentication successful!" >> /var/log/sysrq_auth.log
        # Add your desired actions here, e.g., reboot, shutdown.
        shutdown -r now # Reboot the system as an example
      else
        echo "Authentication failed." >> /var/log/sysrq_auth.log
        exit 1
      fi
    else
      echo "SysRq authentication attempted by a non-root user." >> /var/log/sysrq_auth.log
      exit 1
    fi

    Make the script executable:

    sudo chmod +x /usr/local/bin/sysrq_auth.sh

  4. Register the SysRq Handler

    This step links the SysRq keypress to your authentication script. Edit /etc/initramfs-tools/modules and add the following line:

    sysrq_trigger

    Update the initramfs image:

    sudo update-initramfs -u

  5. Configure Kernel Command Line

    Edit /etc/default/grub and add sysrq_trigger=YOUR_TRIGGER_KEY to the GRUB_CMDLINE_LINUX_DEFAULT line. Replace YOUR_TRIGGER_KEY with a unique key combination (e.g., ‘alt+sysrq’). For example:

    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash sysrq_trigger=alt+sysrq"

    Update GRUB configuration:

    sudo update-grub

  6. Reboot the System

    Reboot your system for the changes to take effect.

  7. Test the Authentication

    After reboot, trigger the SysRq key combination (e.g., Alt+SysRq). You should be prompted for the password you set in the script. If correct, the actions defined in the script will execute.

Security Considerations

  • Password Security: The password is stored in plain text within the script. This is a significant security risk. Consider using more secure methods if possible.
  • Key Combination Choice: Choose a key combination that’s unlikely to be pressed accidentally.
  • Limited Functionality: This method provides limited functionality and should only be used as a last resort.
  • Logging: The script logs authentication attempts to /var/log/sysrq_auth.log. Regularly review this log for suspicious activity.
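
One way to act on the Password Security and Logging points above, as an added example that is not part of the original guide: the script checks a passphrase against a salted, iterated hash stored in an owner-only file and appends timestamped results to the log. The file path /etc/sysrq_auth.cred, the ROUNDS value and all function names are assumptions, and the iterated SHA-256 is a simple stand-in for a dedicated password hash.

```shell
#!/bin/sh
# Added example: check a passphrase against a salted, iterated hash kept in an
# owner-only file, so no plaintext PASSWORD= line sits in the script.
# CRED_FILE, ROUNDS and every function name here are assumptions.
CRED_FILE="${CRED_FILE:-/etc/sysrq_auth.cred}"   # one line: salt:rounds:hexdigest
LOG_FILE="${LOG_FILE:-/var/log/sysrq_auth.log}"
ROUNDS="${ROUNDS:-1000}"

# Iterated SHA-256 over salt+input; a simple stand-in for a real password hash.
derive() (  # derive <salt> <rounds> <password>
  digest=$(printf '%s%s' "$1" "$3" | sha256sum | cut -d' ' -f1)
  i=1
  while [ "$i" -lt "$2" ]; do
    digest=$(printf '%s%s' "$1" "$digest" | sha256sum | cut -d' ' -f1)
    i=$((i + 1))
  done
  printf '%s\n' "$digest"
)

# Write the credential file with a fresh random salt and mode 600.
enroll() (  # enroll <password>
  salt=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
  umask 077
  rm -f "$CRED_FILE"
  printf '%s:%s:%s\n' "$salt" "$ROUNDS" "$(derive "$salt" "$ROUNDS" "$1")" > "$CRED_FILE"
)

# Append (never overwrite) a timestamped line so earlier attempts stay visible.
log_event() { printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" >> "$LOG_FILE"; }

# Exit status: 0 match, 1 mismatch, 2 credential file missing, too open or malformed.
verify() (  # verify <candidate>
  mode=$(stat -c '%a' "$CRED_FILE" 2>/dev/null) || { log_event "credential file missing"; exit 2; }
  case "$mode" in
    600|400) ;;
    *) log_event "credential file mode $mode is too open"; exit 2 ;;
  esac
  IFS=: read -r salt rounds stored < "$CRED_FILE"
  case "$rounds" in
    ''|*[!0-9]*) log_event "credential file malformed"; exit 2 ;;
  esac
  if [ "$(derive "$salt" "$rounds" "$1")" = "$stored" ]; then
    log_event "authentication successful"; exit 0
  fi
  log_event "authentication failed"; exit 1
)
```

Run enroll once as root to create the credential file; the authentication script then calls verify with the typed passphrase and acts only on exit status 0.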