Unlocking private key using biometric token
hvjunk
hvjunk at gmail.com
Mon Jun 16 22:05:56 AEST 2025
Bitwarden seems to punt an SSH agent, and you can (where hardware supports it) unlock the Bitwarden vault with biometrics.
I’m using the biometric unlocking of Bitwarden on my iMac and MBP with the Touch ID key, but haven’t yet used the SSH agent of Bitwarden.
> On 16 Jun 2025, at 13:32, Márton Gunyhó <marci at gunyho.com> wrote:
>
> Hello,
>
>
> This is probably a very naive question, but I am trying to figure out if I would be able to unlock my private key using my laptop's fingerprint reader instead of typing in the passphrase. I searched around quite a bit, but only found these Stack Overflow questions with no answers: https://serverfault.com/questions/1122450 https://unix.stackexchange.com/questions/705144
>
>
> I thought that this could be somehow done through PAM, because it integrates fingerprint authentication, but it seems like the decryption of the private key is handled by OpenSSH itself, without PAM. All references to PAM in the OpenSSH source were in relation to sshd, and not the client.
>
>
> Am I asking for nonsense? Is it even possible to use a fingerprint as an encryption key, or is it only suitable for matching against a stored value (which I guess is what PAM is doing)?
>
>
> Best regards,
>
> Márton Gunyhó