Unlock screen in 14.04 without `gnome-screensaver-command`

This worked for me:

On the command line:

gsettings set org.gnome.desktop.a11y.applications screen-keyboard-enabled true

The on-screen keyboard appears when you first sign-in but you can close it.

After this gnome-screensaver-command -d works.

Taken from benshayden on https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1307163

There is no way of doing this unfortunately :(

Update - I have found a way. Check out my newer answer

This is my previous solution - It is unadvisable to use, it is not unlockable if you lose your phone; you have to restart to unlock it

I eventually came up with a solution - don't lock it in the first place. This may sound odd - bear with.

Instead of locking it, I disabled the Mouse and Keyboard, hid all desktop icons and then switched to the desktop. You could possibly hide more stuff (like the launcher) but I have that hidden anyway.

This command requires a bit of setup.

Install : xdotool - sudo apt-get install xdotool

Enter: xinput --list and note down your mouse and keyboard ids.

I would suggest editing these commands in gedit

This one acts as the locker.

xinput set-prop <Keyboard ID> 'Device Enabled' 0 && xinput set-prop <Mouse ID> 'Device Enabled' 0 && gsettings set org.gnome.desktop.background show-desktop-icons false && wmctrl -k on

This acts as the unlock.

xinput set-prop <Keyboard ID> 'Device Enabled' 1 && xinput set-prop <Mouse ID> 'Device Enabled' 1 && gsettings set org.gnome.desktop.background show-desktop-icons true && wmctrl -k off

Change the and to their respective numbers, in both commands.

In order this:

• Disables / Enables the Keyboard
• Disables / Enables the Mouse
• Hides / Shows all your desktop icons
• Toggles showing your desktop.

One important thing to bear in mind - this can't be undone without your bluetooth device. If for some reason it fails, you have to restart. Because of that, it might be advisable to leave the keyboard enabled, and set up the unlock command to a chosen shortcut.

So, I figured the "best" way to do this (apocryphal, since we're still storing a password and faking typing it into a thing) would be to, as I commented above, encrypt the password to the entry USB key. It's a little messy of a script, so I'll explain what's going on.

The devices for the current user are enumerated by looking through /etc/pamusb.conf with xpath; each one is then mated with its UUID using xpath, and the UUID mapped to a device using blkid.

You have the choice to lock, unlock show device, or set up your key. When you run setup, it'll create ~/.ssh/pamusb_rsa if it doesn't exist. You'll then be asked to pick a device (or not, if there's only one), and to enter your password. Your PW will be stored, encrypted, in {device}/.pamusb/.auth.

When you run unlock, the devices are enumerated again, and checked one by one for a /.pamusb/.auth file. When one's spotted, decryption will be attempted and, if successful, will be used to type your password into whatever happens to be accepting text at the moment. It will only permit run when the session is locked, so hopefully, this isn't going to expose you too bad.

I named this ~/.bin/unity-lock-control (~/.bin is on my path), and have "unity-lock-control lock" and "unity-lock-control unlock" as my agents in pam.conf.

#!/bin/bash
PAM_KEY=${HOME}/.ssh/pamusb_rsa
devices() {
    local NAMES NAME UUID DEV
    NAMES=$(xmllint /etc/pamusb.conf --xpath '//user[@id="'$USER'"]/device')
    NAMES=${NAMES//"<device>"/""}
    NAMES=${NAMES//'</device>'/' '}
    for NAME in $NAMES; do
        UUID=$(xmllint /etc/pamusb.conf --xpath '//device[@id="'$NAME'"]/volume_uuid/text()')
        DEV=$(blkid -U $UUID)
        if [[ -n $DEV ]]; then
            echo ${NAME}:${UUID}:${DEV}
        fi
    done
}
locked() {
    LS=$(ps -A -o cmd | grep 'unity-panel-service --lockscreen-mode' | grep -v grep)
    if [[ -z $LS ]]; then
        return -1
    else
        return 0
    fi
}
mounted() {
    MOUNTED=$(grep $1 /proc/mounts)
    if [[ -z $MOUNTED ]]; then
        return -1
    fi
    return 0
}
mount_point() {
    cat /proc/mounts | grep $1 | cut -d \  -f 2
}
case "$1" in
    devices)
        devices
        exit 0
    ;;
    lock)
        setsid paplay /usr/share/sounds/ubuntu/stereo/service-logout.ogg &
        setsid gnome-screensaver-command -l &
        sleep 1
        exit
    ;;
    unlock)
        if ! locked; then
            echo "Screen is not locked" >&2
            exit 1
        fi
        if [[ ! -f $PAM_KEY ]]; then
            echo "${PAM_KEY} does not exist; please run $0 setup." >&2
            exit 1
        fi

        DEVICES=$(devices)
        for device in $DEVICES; do
            NAME=$(echo $device | cut -d : -f 1)
            UUID=$(echo $device | cut -d : -f 2)
            DEV=$(echo $device | cut -d : -f 3)
            mounted $DEV
            MOUNTED=$?
            if [[ $MOUNTED -ne 0 ]]; then
                udisksctl mount -b $DEV
            fi
            AUTH_FILE=$(mount_point $DEV)/.pamusb/.auth
            if [[ -f $AUTH_FILE ]]; then
                PASS=$(openssl rsautl -decrypt -inkey $PAM_KEY -in $AUTH_FILE)
            fi
            if [[ $MOUNTED -ne 0 ]]; then
                udisksctl unmount -b $DEV
            fi
            if [[ -n $PASS ]]; then
                xdotool type --delay 0 "${PASS}" 
                xdotool key Return
                sleep 1
                if locked; then
                    setsid paplay /usr/share/sounds/ubuntu/stereo/service-login.ogg &
                else
                    setsid paplay /usr/share/sounds/ubuntu/stereo/dialog-warning.ogg &
                fi
                exit 0
            fi
        done
        echo "Did not find unlock key" >&2
        exit 1
    ;;
    setup)
        echo "This will set up an OpenSSL key, and encrypt your password to be stored"
        echo "on a pamusb authenticator."
        echo "-----"
        if [[ ! -d ${HOME}/.ecryptfs || ! -d ${HOME}/.Private ]]; then
            echo "Warning: Home folder is NOT encrypted" >&2
            read -p "Continue (y/N):" conf
            if [[ -z $conf ]]; then exit 1; fi
            if [[ $conf == "n" || $conf == "N" ]]; then exit 1; fi
        fi
        mkdir -p $(dirname $PAM_KEY)
        if [[ ! -f $PAM_KEY ]]; then
            openssl genrsa -out $PAM_KEY 1024
        fi
        DEVICES=$(devices)
        if [[ "${#DEVICES[@]}" -eq 1 ]]; then
            device="${DEVICES[0]}"
        else
            echo "Please select the device you would like to contain your encrypted password"       
            for i in "${!DEVICES[@]}"; do
                echo "$i: ${DEVICES[$i]}"
            done
            read selection
            device="${DEVICES[$selection]}"
        fi
        NAME=$(echo $device | cut -d : -f 1)
        UUID=$(echo $device | cut -d : -f 2)
        DEV=$(echo $device | cut -d : -f 3)

        mounted $DEV
        MOUNTED=$?
        if [[ $MOUNTED -ne 0 ]]; then
            echo "${NAME} is not mounted; attempting mount"
            udisksctl mount -b $DEV
        fi
        AUTH_FILE=$(mount_point $DEV)/.pamusb/.auth
        if [[ -f $AUTH_FILE ]]; then
            echo "Storing encrypted password to ${DEVICES[0]}"
            read -sp "Please enter your UNIX password:" PASS
            echo ""
            echo $PASS | openssl rsautl -encrypt -inkey $PAM_KEY -out $AUTH_FILE
        fi
        if [[ $MOUNTED -ne 0 ]]; then
            echo "${NAME} was not mounted; unmounting"
            udisksctl unmount -b $DEV
        fi
        exit 0
    ;;
    *)
        echo "Control for lock screen"
        echo $0 '{start|stop|devices|setup}'
        exit 1
    ;;
esac

Update! There is a way to use the normal lock screen! Yay!

I don't know how secure it is (storing your password in plaintext), but I think it is the best possible.

This is the lock command: gnome-screensaver -d

There are 2 unlock commands:

No1:

This is the 1st unlock command:

gnome-screensaver -d && xdotool type mypassword12 && xdotool key Return

The click is to wake it up (it should click inside the login box, because of the mouse move), and show the nice new lock screen, instead of the "sleeping" black screen.

Then it types mypassword123! with an enter, to submit it, into the text box.

Important. For some reason - probably because of what xdotool is actually meant to be used for (keyboard shortcuts) - you can't enter double letters. To get around this, split it into 2 commands at each double letter (as above). Also, numbers have to have their own, separate command from letters (also above). Finally, modifiers (such as shift) need a separate one, as does the Return key.

No2:

This is the second one. It is a bit better and less hackish, but requires a lot of setting up.

First install actionaz:

sudo apt-get install actionaz

Open a new script, and drag in the correct items to your flow. (you can download the completed one here. If you chose to download this, open it, double click on Write text - Password here, and enter your password).

1. Pause: enter 3 seconds.
2. Click: copy and paste 165:555 into the Position box. (Depending on screen side, this may be different. Make sure it is clicking in the password box, otherwise it doesn't work).
3. Write text: enter your password in the box
4. Key: Click in the box and press Return

Save it in your home folder as unlock.ascr (or any name - I just didn't want to advertise that it had my password in it)

Set up your proximity command to be:

xdotool mousemove 0 0 && actionaz unlock.ascr -ex

The mouse move wakes it up, and the options tell it to execute the script and then exit at the end.

If you lose your device, you can always just type your password, so it is reversible.