lock linux desktop via removal of U2F USB key or any USB device

85-u2f-screen-lock.rules

# /etc/udev/rules.d/85-u2f-screen-lock.rules
# 2 REMOVE event rules for 2 different U2F devices
# to view the various properties you could use to create your rule use => udevadm monitor --property 
# You may get multiple matches if your rule is too wide. No rule to unlock because it's not called 2FA for nothing.
# If you want to do that then you would need to add the matching rule for ADD events  

ACTION=="remove", ENV{DEVTYPE}=="usb_device", ENV{SUBSYSTEM}=="usb", ENV{PRODUCT}=="1050/120/*", RUN+="/home/sean/bin/u2f-screen-lock.sh"
ACTION=="remove", ENV{ID_BUS}=="usb", ENV{ID_VENDOR_ID}=="096e", ENV{ID_MODEL_ID}=="0853", RUN+="/home/sean/bin/u2f-screen-lock.sh"

u2f-screen-lock.sh

#!/usr/bin/sh
# this script is only suitable for a single use machine as the following will lock and kill all non root sessions
# if unable to unlock your screensaver screen lock, check the permissions of your U2F key mappings. Your screen lock 
# will run under your current user permission 

user=`ps aux | grep -v root | grep session | head -n 1 | awk '{print $1}'`
sessionids=`loginctl list-sessions | grep ${user} | awk '{print $1}'`
for sessionid in $sessionids
do
	loginctl lock-session $sessionid
	echo "U2F locked sessionid $sessionid  ($user)" | systemd-cat -p info -t udev
done

# close any other tty sessions
ttys=`who | grep tty | grep -v \(:0\) | awk '{print $2}'`
for tty in $ttys
do
	pkill --signal HUP -t $tty
	echo "U2F killed $tty ($user)" | systemd-cat -p info -t udev
done