On Tue, 17 Jun 2025, Marco Trevisan wrote: > On giu 17 2025, at 12:58 am, Damien Miller <djm@xxxxxxxxxxx> wrote: > > > On Mon, 16 Jun 2025, Marco Trevisan wrote: > > > >> In the short run I feel one thing we may do is to make ssh-agent to only > >> use fprintd (it needs to go through fprintd DBus APIs, PAM or > >> `fprintd-verify`) every time the agent requires to provide the key, so > >> to enforce the security, but not to make it unlock the secret when you > >> use `ssh-add`. > > > > Note that, even if you do the above, the protection the fingerprint > > provides to your private key material is only as strong as your OS' > > security. If an attacker is able to elevate privilege then they > > could steal the key material from the agent without your fingerprint. > > Isn't this true for any kind of privilege escalation when the agent is > in place? Yes, it's true any time the key material is held in the agent as opposed to in a separate device. I was trying to point out that the biometrics doesn't really protect the key in the suggested case, only _use of the key_. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
