[EXTERNAL] Re: Feature - Password over Pubkey auth

Brian Candler b.candler at pobox.com
Tue Aug 5 04:16:01 AEST 2025


On 04/08/2025 18:50, Sands, Daniel N. via openssh-unix-dev wrote:
> It's probably time to start thinking about solutions that no longer
> depend on a static password as the linchpin.

The decryption key has to be provided somehow. If it's not provided by
the user themselves then it must be stored somewhere, and that means a
TPM or HSM which will only unlock it under certain conditions (e.g.
biometrics, PIN with max tries, etc.).


