Unlocking private key using biometric token
Márton Gunyhó
marci at gunyho.com
Mon Jun 16 21:32:57 AEST 2025
Hello,

This is probably a very naive question, but I am trying to figure out if
I would be able to unlock my private key using my laptop's fingerprint
reader instead of typing in the passphrase. I searched around quite a
bit, but only found these Stack Overflow questions with no answers:

https://serverfault.com/questions/1122450
https://unix.stackexchange.com/questions/705144

I thought that this could be somehow done through PAM, because it
integrates fingerprint authentication, but it seems like the decryption
of the private key is handled by OpenSSH itself, without PAM. All
references to PAM in the OpenSSH source were in relation to sshd, and
not the client.

Am I asking for nonsense? Is it even possible to use a fingerprint as an
encryption key, or is it only suitable for matching against a stored
value (which I guess is what PAM is doing)?

Best regards,
Márton Gunyhó