Unlocking private key using biometric token
Damien Miller
djm at mindrot.org
Tue Jun 17 20:02:53 AEST 2025
On Tue, 17 Jun 2025, Marco Trevisan wrote:
> On giu 17 2025, at 12:58 am, Damien Miller <djm at mindrot.org> wrote:
>
> > On Mon, 16 Jun 2025, Marco Trevisan wrote:
> >
> >> In the short run I feel one thing we may do is to make ssh-agent to only
> >> use fprintd (it needs to go through fprintd DBus APIs, PAM or
> >> `fprintd-verify`) every time the agent requires to provide the key, so
> >> to enforce the security, but not to make it unlock the secret when you
> >> use `ssh-add`.
> >
> > Note that, even if you do the above, the protection the fingerprint
> > provides to your private key material is only as strong as your OS'
> > security. If an attacker is able to elevate privilege then they
> > could steal the key material from the agent without your fingerprint.
>
> Isn't this true for any kind of privilege escalation when the agent is
> in place?
Yes, it's true any time the key material is held in the agent as
opposed to in a separate device. I was trying to point out that the
biometrics doesn't really protect the key in the suggested case, only
_use of the key_.
-d
More information about the openssh-unix-dev
mailing list