Unlocking private key using biometric token

Márton Gunyhó marci at gunyho.com
Mon Jun 16 21:32:57 AEST 2025


Hello,


This is probably a very naive question, but I am trying to figure out if 
I would be able to unlock my private key using my laptop's fingerprint 
reader instead of typing in the passphrase. I searched around quite a 
bit, but only found these Stack Overflow questions with no answers: 
https://serverfault.com/questions/1122450 
https://unix.stackexchange.com/questions/705144


I thought that this could be somehow done through PAM, because it 
integrates fingerprint authentication, but it seems like the decryption 
of the private key is handled by OpenSSH itself, without PAM. All 
references to PAM in the OpenSSH source were in relation to sshd, and 
not the client.


Am I asking for nonsense? Is it even possible to use a fingerprint as an 
encryption key, or is it only suitable for matching against a stored 
value (which I guess is what PAM is doing)?


Best regards,

Márton Gunyhó



More information about the openssh-unix-dev mailing list