
For Windows, it seems it's possible [0, see footnote]; however, there are problems like general incompatibilities [1], and the official support status is "We have this in our backlog. At this point it's not prioritized."

0: https://github.com/tavrez/openssh-sk-winhello

0.footnote: "Windows Hello also supports other types of authenticators like internal TPM device (if they support generating ECDSA or Ed25519 keys, they can be used instead of FIDO/U2F security keys)."

1: https://github.com/tavrez/openssh-sk-winhello/issues

2: https://github.com/PowerShell/Win32-OpenSSH/issues/1804#issu...




It's possible to do, and once set up it's a reasonably smooth process.

- Init Your TPM

- Create a key+cert on your TPM using certutil.exe

- Grab your public key

- Use WinCryptSSH (https://github.com/buptczq/WinCryptSSHAgent) as your SSH agent and away you go

These are very simplified steps, but there are how-tos floating around (e.g. https://blog.habets.se/2016/10/Windows-SSH-client-with-TPM.h...).



