It would appear that what is written to the TrustKey token is a credential and not the actual private key. It is still necessary to have access to the actual private key on the client either by it being in the ~/.ssh/ directory, or by specifying where it can be found using the -i <path/to/private/key> option to ssh if you wish to carry the private key with you on a small USB stick together with the token. It is still necessary to touch the TrustKey token to complete the authentication process thus ensuring that 2FA is satisfied, but it still might be preferable to use a fully biometric token rather than a mere touch sensitive token.
Statistics: Posted by hfl — Mon May 06, 2024 3:56 am