Fido2 and Fingerprint scan vs touch

Jeremy Hansen jeremy at skidrow.la
Mon Oct 11 10:48:40 AEDT 2021


I’m evaluating the new YubiKey Bio keys and there are some issues I don’t quite understand regarding presence touch and actual fingerprint verification.

If I load the resident key (i.e. ssh-add -K), things seem to work as expected and the wrong fingerprint results in dropping down to another authentication method.

If I don’t use ssh-add -K, then it seems ssh only verifies presence. I basically want to enforce proper fingerprint recognition always. Is there a way to do this?

Thank you
-jeremy
