TPM keys and user presence

Brian Candler b.candler at pobox.com
Sat Jul 5 17:39:13 AEST 2025


On 05/07/2025 06:52, Anton Khirnov wrote:
> - I have to enter the PIN on every use, which is highly inconvenient and
>    increases the likelihood the entry will be observed (e.g. in a public
>    environment with cameras)
> - the key is in the agent and PIN is not required, then any program that
>    can access the agent can silently SSH all it wants

If the private key is actually in the agent, then you can flag that key
to require confirmation on each use. With a normal key, it would be
"ssh-add -c". That normally just means clicking "OK"; you don't have to
enter a PIN. I don't know how easy it would be for a rogue program that
accesses the socket to spoof the confirmation too.

However, I don't use a TPM, and I'm surprised that the TPM allows the 
private key to be released to the agent in the first place.
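What "ssh-add -c" actually asks the agent to do, as an added example that is not part of this thread or of OpenSSH's own code: the client sends an SSH_AGENTC_ADD_ID_CONSTRAINED request carrying the SSH_AGENT_CONSTRAIN_CONFIRM tag (and optionally a lifetime) from the draft-miller-ssh-agent protocol, and the agent is then the one that runs the askpass prompt on every signing request for that key. The encoder and decoder below are written for this post; the key bytes are constructed dummies, not a real key, and only ed25519 and the lifetime/confirm constraints are handled.

```python
import struct

# Message and constraint numbers from draft-miller-ssh-agent.
SSH_AGENTC_ADD_IDENTITY = 17
SSH_AGENTC_ADD_ID_CONSTRAINED = 25
SSH_AGENT_CONSTRAIN_LIFETIME = 1   # followed by uint32 seconds
SSH_AGENT_CONSTRAIN_CONFIRM = 2    # no payload: agent must confirm each use

# Number of private-key blob fields after the key type string, per key type.
# Only ed25519 is supported in this example (public key, then seed||public key).
KEY_FIELD_COUNT = {b"ssh-ed25519": 2}


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string' (uint32 length prefix + bytes)."""
    return struct.pack(">I", len(b)) + b


def build_add_identity(key_type: bytes, key_fields: list, comment: bytes,
                       confirm: bool = False, lifetime=None) -> bytes:
    """Build the framed request ssh-add would send; confirm=True is 'ssh-add -c'."""
    body = ssh_string(key_type)
    body += b"".join(ssh_string(f) for f in key_fields)
    body += ssh_string(comment)
    constraints = b""
    if lifetime is not None:
        constraints += bytes([SSH_AGENT_CONSTRAIN_LIFETIME]) + struct.pack(">I", lifetime)
    if confirm:
        constraints += bytes([SSH_AGENT_CONSTRAIN_CONFIRM])
    if constraints:
        msg = bytes([SSH_AGENTC_ADD_ID_CONSTRAINED]) + body + constraints
    else:
        msg = bytes([SSH_AGENTC_ADD_IDENTITY]) + body
    return struct.pack(">I", len(msg)) + msg   # uint32 frame length + message


def _read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def parse_add_identity(frame: bytes) -> dict:
    """Decode an add-identity frame the way an agent would, returning the constraints."""
    (length,) = struct.unpack_from(">I", frame, 0)
    msg = frame[4:4 + length]
    if len(msg) != length:
        raise ValueError("truncated frame")
    mtype = msg[0]
    if mtype not in (SSH_AGENTC_ADD_IDENTITY, SSH_AGENTC_ADD_ID_CONSTRAINED):
        raise ValueError(f"not an add-identity message: {mtype}")
    off = 1
    key_type, off = _read_string(msg, off)
    nfields = KEY_FIELD_COUNT.get(key_type)
    if nfields is None:
        raise ValueError(f"unsupported key type {key_type!r}")
    for _ in range(nfields):          # skip the private key material itself
        _, off = _read_string(msg, off)
    comment, off = _read_string(msg, off)
    info = {"key_type": key_type, "comment": comment, "confirm": False, "lifetime": None}
    if mtype == SSH_AGENTC_ADD_ID_CONSTRAINED:
        while off < len(msg):
            tag = msg[off]
            off += 1
            if tag == SSH_AGENT_CONSTRAIN_LIFETIME:
                (info["lifetime"],) = struct.unpack_from(">I", msg, off)
                off += 4
            elif tag == SSH_AGENT_CONSTRAIN_CONFIRM:
                info["confirm"] = True
            else:
                # Extension constraints (tag 255) are not handled here.
                raise ValueError(f"unknown constraint tag {tag}")
    return info


# Constructed dummy key bytes for the demonstration; NOT a real key pair.
DUMMY_PK = bytes(range(32))
DUMMY_SK = b"\x11" * 32 + DUMMY_PK
COMMENT = b"constructed example key"

if __name__ == "__main__":
    frame = build_add_identity(b"ssh-ed25519", [DUMMY_PK, DUMMY_SK], COMMENT,
                               confirm=True, lifetime=600)
    print(parse_add_identity(frame))
```

The point to take from the decoder is that the confirm flag lives with the key inside the agent: a process that merely reaches the socket sends ordinary sign requests, and it is the agent that decides to prompt, so the prompt is only as trustworthy as the askpass program the agent is configured to run.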

