[fprint] fprint authentication over ssh

Pavel Herrmann morpheus.ibis at gmail.com
Sat Jul 12 04:59:53 PDT 2014


On Saturday 12 of July 2014 15:35:33 Igor Gnatenko wrote:
> Hi,
> I have local laptop with finger scanner and have remote server.
> Can I login over ssh and authorize by fingerprint?

do you want this as a gimmick, or as a real security feature?

one way to do this (the gimmicky one) is to have public key auth on ssh, and 
have a program on the laptop that unlocks/decrypts your key only if it gets 
the right fingerprint.
However, if an attacker were to steal your laptop, he could reverse said 
program to decrypt your private key without needing your fingerptint, so its 
not really any more secure than having a decrypted private key on your laptop

for real security, you would need to implement the fingerprint matching on a 
secure system (not your laptop)

Pavel Herrmann

More information about the fprint mailing list