TPM keys and user presence
Brian Candler
b.candler at pobox.com
Sat Jul 5 17:39:13 AEST 2025
On 05/07/2025 06:52, Anton Khirnov wrote:
> - I have to enter the PIN on every use, which is highly inconvenient and
> increases the likelihood the entry will be observed (e.g. in a public
> environment with cameras)
> - the key is in the agent and PIN is not required, then any program that
> can access the agent can silently SSH all it wants
If the private key is actually in the agent, then you can flag that key
to require confirmation on each use. With a normal key, it would be
"ssh-add -c". That normally just means clicking "OK"; you don't have to
enter a PIN. I don't know how easy it would be for a rogue program that
accesses the socket to spoof the confirmation too.
However, I don't use a TPM, and I'm surprised that the TPM allows the
private key to be released to the agent in the first place.