Mac Fingerprint Reader Store Password For Ssh

Active2 years, 10 months ago
Mac Fingerprint Reader Store Password For Ssh

I have an ssh key in my gnome keyring, protected by a password.
I have the 'Unlock password' for that key saved in my login keyring.

Hi All: I'm among the paranoid people out there who encrypt things but still fear key stroke logger to steal my passwords. Currently, I use fingerprint reader to do sudo, so that I don't need to type in password. Using Touch ID on your iPhone, iPad, and MacBook Pro is an easy way to use your fingerprint instead of a password for many common operations. With just a touch of your finger, the sensor quickly reads your fingerprint and automatically unlocks your device.

If I unlock my login keyring, I can ssh without password entry.
If my keyring is locked, the first time I ssh, it will prompt me for the ssh key password, then keeps it for the rest of the session.

However what I am trying to achieve, and what I perceive as the purpose of the login keyring, when I login using my fingerprint (which automatically enters my password, also note that my keyring password is the same as the login password), is that I should be able to use my ssh key (for sshfs) without having to type any password since it is held in my login keyring.

Is the keyring only unlocked for the execution of one particular start-up script - which I have not been able to identify (.profile is not it, I tried, it prompts for passwords when I try to ssh or mount sshfs)?

So my question is how I may be able to gain access to ssh/sshfs by using the stored password in my login keyring (at login).

Or in other words: is it possible to set up gnome keyring for passwordless ssh/sshfs, using the keyring to unlock the ssh key with the stored passphrase?

I have checked this, but it does not answer my request 'How to save an SSH key passphrase in gnome-keyring?'

Note: I am on Ubuntu 10.04 (I know I should upgrade, that's scheduled for later)

EDIT: I routinely login with my fingerprint, I tried a password login instead, as a result the login keyring unlocks and therefore ssh/sshfs work without me entering any password beyond the login.So now the question is how to unlock the keyring with fingerprint authentication.

ANSWER: https://askubuntu.com/questions/39217/unlock-keyring-with-fingerprint-reader-on-login/238055#238055In short, no the keyring cannot be unlocked with fingerprint authentication.If I want it unlocked, I need to use my login password.

Question closed.

Community
asoundmoveasoundmove
2,0261 gold badge13 silver badges18 bronze badges

2 Answers

how I may be able to gain access to ssh/sshfs by using the stored password in my login keyring (at login).

No, you can't. SSH communicates with the gnome-keyring using ssh-agent protocol and it supports only private key operations, not passing passwords.

JakujeJakuje
16.9k5 gold badges34 silver badges57 bronze badges

ANSWER: https://askubuntu.com/questions/39217/unlock-keyring-with-fingerprint-reader-on-login/238055#238055 In short, no the keyring cannot be unlocked with fingerprint authentication. If I want it unlocked, I need to use my login password.

asoundmoveasoundmove
2,0261 gold badge13 silver badges18 bronze badges

Reader Store Account

Not the answer you're looking for? Browse other questions tagged sshloginsshfsgnome-keyring or ask your own question.

Active3 years, 4 months ago

I am using PuTTY to access my server via SSH. Due to the complexity of my private key's password, however, I've decided to consider using other methods of authentication, such as biometrics, more specifically fingerprints.

I have looked up how to do such a thing, but it seems that nobody has ever figured out how to do it before. Since I am using Windows 7, there is some integration between the fingerprint scanner's driver and Windows itself (Windows accepts fingerprints as an official method of authentication).

What I would like to do is unlock my laptop's SSH private key by supplying my fingerprint, and the unlocked private key can then be passed on to the server via SSH to log me in (as usual).

The fingerprint program I am using allows me to save passwords for sites, but it is an abandoned program from AuthenTec. It is also the only program that my fingerprint driver (also from AuthenTec) supports.

Ssh Software For Mac

How can I complete such an undertaking? Or is it simply not worth the effort?

oldmud0oldmud0
3,1513 gold badges16 silver badges37 bronze badges

Use Fingerprint For Password

1 Answer

This sounds like a really interesting experiment. All the parts are available, although I don't know of anyone who has stitched them together. First of all, I would use the x.509 biometric consortium's approach.

Reader Store Coupons

Effectively what you'll be doing is creating a private key which is encrypted using a key generated from your fingerprint; then using that key, once decrypted, as a standard x.509 private key. This means that you won't need to modify OpenSSH so much as provide a custom method of providing the private key to it.

Unfortunately, out of the box, OpenSSH doesn't support x.509 authentication. However Roumen Petrov has fixed that here.

I've done both things independently and they work a charm - I've not tried glueing them together though. I suspect, as you allude, it may not be worth the effort.

Mac Fingerprint Reader Store Password For Ssh Key Id_rsa

Richard VoddenRichard Vodden

Google Play Store Password For All Downloads

Not the answer you're looking for? Browse other questions tagged sshputtyfingerprint or ask your own question.