FiSSH (SSH authentication via Fingerprint scanning over network (TLS Sockets))

Has anyone used the FiSSH app? It allows you use your phone’s biometrics to authenticate an SSH connection.

I’m curious how well it works and how much of a pain in the ass it is to implement. I would mainly be using it to ssh into my RasPi from an Ubuntu machine, but also through Termux on my phone.

My main concern is that I’m running AwesomeWM on the Ubuntu and I’ve yet to figure out how to give AWM access to the Gnome keyring, so it prompts for my rsa pass-phrase every time. But then again this may solve that problem by giving Awesome it’s own auth token.

FiSSH (SSH authentication via Fingerprint scanning over network (TLS Sockets)) - https://f-droid.org/packages/ro.ioanm.fissh

1 Like

Hello fellow madman.

I am like a chameleon, my measurements and colors change from minute to minute, even my weight has different values. I am completely different from a bag of rice.
I don’t even delve into such immature ideas

True, but more basic - Why would I want to use anything windos-related, or feed fingerprints to a phone, when ssh with keys works perfectly fine?! Actually passwords work fine too, but if you’re lazy and want to set yourself up for future problems…

1 Like

I must have missed something in his reply. That was all gobbledygook to me.

Anyways, you make some solid points. I’m fairly new to the linux/open source world so it seemed like a useful piece of tech to me. But, that’s why I posted here. It’s been sitting on my phone unused for about a week and I’ve used SSH more times than I can count since then.

Using “biometrics” is stupid because a person’s biometrics change a lot, sometimes quickly. In the way bags of rice don’t. For example, say you decided to shave your head and wear gloves today. Facial recognition and fingerprint scanner probably fails.

1 Like

I get the facial recognition thing, that makes me uncomfortable regardless of losing functionality due to appearance change and I don’t use it, but I use fingerprint scanning and I wear gloves every day at work and it’s not too hard to just pull a glove off. Plus I have to pull them off to punch in a pin anyways. Also, I doubt I’ll be wearing gloves while I am using my computer.

Search cell phone gloves.

I don’t (and won’t) pay for my gloves. I am an union electrician, safety equipment is the responsibility of the contractor. It’s really not that big of a deal anyways.

Out of curiosity though, is there any other reasons (besides the gloves) that you would be against fingerprint authentication?

Yes because it is unsafe. And dangerous. If i know that you use your Fingerprint on your banc account, i can steal your Fingerprint from a surface that you touched with that finger and make a silicon fingerprint and empty your bank Account.

against fingerprint authentication?

  • You can easily change passwords, or keys. Fingerprints are harder to change.
  • Fingerprints are often on file already, and relatively easy to take a copy.
  • If you are in custody, your fingerprint is easily forcibly taken and used. Passwords are possible, but harder to get if you resist, unless you wrote them somewhere obvious.
  • I don’t know which is easier to steal or use by malicious software, but if it happens, see #1.
2 Likes

Biometrics as well as Alexa and other text-to-speach and voice-commands are a necessity when the user is expected to be analphabetic.
And depending where you look some say 10% other say 25% of us are an alphabets. This guys also want to be happy owners of a square java box. And the smart guys are making it possible now. And for the new users to not feel discriminated we all will be forced to use this tools. Soon reading and writing will be the R-word and the W-word.

Reading is one of my main hobbies, ya grumpy old bastard. Though you do make some solid points, as well as @justsomeguy.

So biometrics are pretty insecure. I already knew that, but had just remained willfully ignorant in exchange for conveniences. I’m working on eliminating that personal flaw.

Here is the dilemma, though:
How does one efficiently access their portable devices while remaining secure?

As @justsomeguy pointed out earlier, biometrics can be broken for the user by them wearing gloves or shaving their head. If removing a glove is inconvenient, how much more inconvenient is having to type in a password of sufficient length with a capital letter, symbol, and number. I don’t know the math, but short numeric passwords cannot be very secure.

And to my original question, if I do use a super secure password to encrypt the device itself and if FiSSH is only accessible after unlocking the device, then someone would have to make it past my password to get to the biometrics for FiSSH. Which leads me to reconsider doing this once I change to a password protected lockscreen.

1 Like

I do not remember who, but i think someone told you the solution already. It is called called hardware/key authentication. I use yubikey.

Just looked back through the whole thread and I don’t see a single mention of a hardware key. Maybe in one of your riddles?

I can think of a couple problems with a hardware key, one of them being identical to the fingerprint problem; it could be confiscated by authorities and used to access my device. The other being that it requires a password as backup, or at least the ones I was looking at. But then again, I hadn’t considered that I could use a generated password as a backup which would be more secure than the key itself.

How would you feel about an NFC enabled hardware key?

Despite your boomer-ish demeanor, I am interested in your opinion on this topic.

501127

To confiscate a hardware key you must first know if I have one. You can have a password that activates the key, for example.
This works in practice so that you enter a low level “trigger” password and only then you can authenticate with the yubikey.
I don’t see the NFC as a problem, although I don’t use it. The reason I don’t use nfc is that I don’t have one. My yubikey is cheap, and it uses usb.

1 Like

it would take a week of comupatative bruteforce but u could integrate a significant number into your favorite song in a key, as long as you dont forget the two

Could you elaborate, please? I’m not certain what you’re suggesting. I’m guessing you’re recommending how to create a strong master password. If so, I am definitely interested in understanding what you are saying. I have a pretty good solution for that (though I won’t share it here, obviously) but I’d love some more recommendations.