TouchID over SSH part 2 - Secretive agent

19 Feb 2022 13:46 | macOS | security | touchID

For some time I've been using a hand-rolled solution for touchID over ssh, which I previously blogged about. Up until recently it's been a somewhat loosely-compiled scattering of config that wasn't really in a releasable form, but with a pending security talk on the horizon I thought it would be worth tidying it up and making it releasable so I could mention it in my talk.

That code can be found here: touchid-remote

However, when I was compiling it, I was under the impression that one of the tools it relies on - touch2sudo - was merely a standalone binary for authenticating sudo commands locally. I didn't realise that the author had also noted in the README that it's possible to use it over SSH. The solution presented there involves forwarding the local ssh agent over the SSH connection and then configuring touch2sudo as the askpass agent.

[read more...]

How to use touchID for sudo remotely over ssh

18 Apr 2020 14:25 | macOS | security | touchID

TouchID on the Mac is really cool. It's awesome being able to use it for sudo, but I thought it would be even more awesome if it could be used to authenticate sudo remotely over ssh.

I've made this work using touch2sudo (https://github.com/prbinu/touch2sudo), which is a simple binary that, when executed, will show a touchID authentication

[read more...]