10

I am using PuTTY to access my server via SSH. Due to the complexity of my private key's password, however, I've decided to consider using other methods of authentication, such as biometrics, more specifically fingerprints.

I have looked up how to do such a thing, but it seems that nobody has ever figured out how to do it before. Since I am using Windows 7, there is some integration between the fingerprint scanner's driver and Windows itself (Windows accepts fingerprints as an official method of authentication).

What I would like to do is unlock my laptop's SSH private key by supplying my fingerprint, and the unlocked private key can then be passed on to the server via SSH to log me in (as usual).

The fingerprint program I am using allows me to save passwords for sites, but it is an abandoned program from AuthenTec. It is also the only program that my fingerprint driver (also from AuthenTec) supports.

How can I complete such an undertaking? Or is it simply not worth the effort?

Castaglia
oldmud0

1 Answer

1

This sounds like a really interesting experiment. All the parts are available, although I don't know of anyone who has stitched them together. First of all, I would use the X.509 biometric consortium's approach.

Effectively what you'll be doing is creating a private key which is encrypted using a key generated from your fingerprint; then using that key, once decrypted, as a standard X.509 private key. This means that you won't need to modify OpenSSH so much as provide a custom method of providing the private key to it.

Unfortunately, out of the box, OpenSSH doesn't support X.509 authentication. However, Roumen Petrov has fixed that here.

I've done both things independently and they work a charm - I've not tried glueing them together though. I suspect, as you allude, it may not be worth the effort.
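
The following is an added example, not part of the answer above and not code from any project it mentions. The answer does not say how a key is "generated from your fingerprint", so this sketch assumes a code-offset fuzzy commitment with a repetition code to show how two scans that never match bit-for-bit can still yield the same key-wrapping key. Assumptions: the template is a fixed-length list of bits (real fingerprint features are not this tidy), and all names and parameters are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_BITS = 128  # secret bits bound to the template
REPEAT = 5      # repetition code: tolerates up to 2 flipped bits per block


def derive_key(secret_bits):
    """Hash the recovered secret bits into a 32-byte wrapping key."""
    return hashlib.sha256(b"ssh-key-wrap" + bytes(secret_bits)).digest()


def enroll(template):
    """Bind a fresh random secret to an enrolled template (list of 0/1)."""
    if len(template) != KEY_BITS * REPEAT:
        raise ValueError("template has the wrong length")
    secret = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    codeword = [b for b in secret for _ in range(REPEAT)]
    # Helper data is stored on disk; it is the codeword masked by the template.
    helper = [c ^ t for c, t in zip(codeword, template)]
    key = derive_key(secret)
    # Check value lets reproduce() reject a wrong finger without storing the key.
    check = hashlib.sha256(b"check" + key).digest()
    return helper, check, key


def reproduce(helper, check, reading):
    """Recover the wrapping key from a noisy reading, or None on mismatch."""
    noisy = [h ^ r for h, r in zip(helper, reading)]
    # Majority vote inside each block removes the reading's bit errors.
    secret = [int(sum(noisy[i:i + REPEAT]) > REPEAT // 2)
              for i in range(0, len(noisy), REPEAT)]
    key = derive_key(secret)
    ok = hmac.compare_digest(hashlib.sha256(b"check" + key).digest(), check)
    return key if ok else None


def demo():
    # Constructed sample data: random bits stand in for fingerprint features.
    template = [secrets.randbelow(2) for _ in range(KEY_BITS * REPEAT)]
    helper, check, key = enroll(template)
    same_finger = list(template)
    for i in range(0, len(same_finger), REPEAT):
        same_finger[i] ^= 1  # one bit of sensor noise in every block
    other_finger = [secrets.randbelow(2) for _ in range(KEY_BITS * REPEAT)]
    return (reproduce(helper, check, same_finger) == key,
            reproduce(helper, check, other_finger) is None)
```

The key returned by `reproduce` would then be passed to an authenticated cipher to decrypt the stored private key. The helper data reveals some information about the template, so it should be protected like the encrypted key file itself.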