Fido2 and Fingerprint scan vs touch

Jeremy Hansen jeremy at
Mon Oct 11 10:48:40 AEDT 2021

I’m evaluating the new Yubikey Bio keys and there’s some issues I don’t quite understand regarding presense touch and actual finger print verification.

If I load the resident key (i.e. ssh-add -K), things seem to work as expected and the wrong finger print results in dropping down to another authentication method.

If I don’t use ssh-add -K, then it seems ssh only verifies presense. I basically want to enforce proper fingerprint recognition always. Is there a way to do this?

Thank you

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list