Fido2 and Fingerprint scan vs touch
Jeremy Hansen
jeremy at skidrow.la
Mon Oct 11 10:48:40 AEDT 2021
I’m evaluating the new Yubikey Bio keys and there’s some issues I don’t quite understand regarding presense touch and actual finger print verification.
If I load the resident key (i.e. ssh-add -K), things seem to work as expected and the wrong finger print results in dropping down to another authentication method.
If I don’t use ssh-add -K, then it seems ssh only verifies presense. I basically want to enforce proper fingerprint recognition always. Is there a way to do this?
Thank you
-jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20211010/ca4c1693/attachment.asc>
More information about the openssh-unix-dev
mailing list