WebSetNet

Technology News

With WSL Hello sudo, you can use Windows Hello in Windows Subsystem for Linux

by

WSL Hello sudo

Microsoft greatly simplified the user login and authentication process with the introduction of Windows Hello. The biometric security system for Windows 10 means laboriously typing out passwords has been replaced with facial or fingerprint recognition.

Taking this idea to the next level is a great open source Rust-based utility called WSL Hello sudo. This is a pluggable authentication module (PAM) that makes it possible to use Windows Hello authentication in Windows Subsystem for Linux.

WSL Hello sudo is compatible with both WSL 1 and WSL 2, and it helps to eliminate the need for time consuming, password-based authentication when running sudo commands with elevated privileges.

The idea is very simple. Just as Windows Hello replaces the need to type a password with recognition of your fingerprint or recognition of your face, so WSL Hello sudo does the same for WSL. The developers of the module explain how it works:

Windows Hello maintains RSA key-pairs for each Windows user in its TPM hardware, and tells success of authentication by signing given contents by the private key. To utilize its API, “WSL Hello sudo” contains small Windows CLI apps that return public key and singned signature of given content. On the other hand, the PAM module of “WSL Hello sudo” remembers the public keys of each Windows user who corresponds to each Linux user. So, the PAM module authenticates the given Linux user by the following process.

  1. The PAM module is launched by sudo and receives a Linux user to be authenticated
  2. The PAM module launches the companion Windows app and sends a random value via WSL’s interop bridge
  3. The companion Windows app invokes Windows Hello
  4. Windows Hello makes a signature of the given input by the private key of the current Windows user
  5. The companion Windows app returns the signature
  6. The PAM module verifies the signature by the public key of the Windows user who corresponds to the given Linux user.

If you are concerned about this level of interaction with your system, you can take comfort from the fact the software is open source, so its source code is freely available and open to scrutiny.

You can grab WSL Hello sudo from its home over on GitHub

Original Article

Related posts:

  1. What is Windows Subsystem for Linux 2?
  2. The ultimate guide to fixing problems with the May 2020 Update
  3. How Does the Windows 10 Subsystem for Linux Work and What Is It For?
  4. Microsoft is Adding Linux GUI app support to WSL
  5. How to import and export WSL distros on Windows 10
  6. 20+ Free Books To Learn Linux For Free
  7. Now You Can Run Linux Apps in Windows (Thanks to WSL)
  8. Running out of storage? Try these tips to free up space on Windows 10
  9. 20+ Free eBooks To Learn Linux For Free
  10. 10 best free electronic signature apps to eSign PDF