
On Apple Silicon devices with macOS 26+, SSH keys can be natively stored in the Secure Enclave, protected via TouchID: https://news.ycombinator.com/item?id=46025721

It only supports the sk-ecdsa-sha2-nistp256 key format; however, that is widely supported currently.



Been using ed25519-sk with Yubikey for a few years now. Key is stored in KeepassXC and loaded in my SSH agent upon unlock.

It makes my SSH key pretty portable across devices


My approach as well. Lock down ssh-agent and restrict its usage as much as possible. Securing your keys is also very reasonable, but it can't silence this nagging voice in the back of my head that keeps reminding me of a compromised ssh-agent or shell whenever I authorize privileged actions.
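One concrete way to "lock down ssh-agent", as an added example that is not from any commenter in this thread: a POSIX shell audit of an OpenSSH client config (ssh_config) for the settings that let a compromised shell or remote host misuse keys held by the agent. The function name and the sample configs are constructed for this example; the option names (ForwardAgent, AddKeysToAgent, IdentitiesOnly) are standard OpenSSH client options.

```shell
#!/bin/sh
# Audit an OpenSSH client config for settings that widen the blast radius of a
# compromised ssh-agent or shell. Findings are printed one per line and the
# count is returned as the exit status (0 means nothing flagged).
#   ForwardAgent yes       -> any remote host you log into can use your agent
#   AddKeysToAgent yes     -> keys are loaded with no per-use confirmation;
#                             'confirm' (optionally with a lifetime) prompts
#                             on every signature, like 'ssh-add -c -t 1h'
#   IdentitiesOnly missing -> the agent offers every loaded key to every host
audit_ssh_config() {
    cfg="$1"
    findings=0
    # Drop comments and leading whitespace; ssh_config keywords are
    # case-insensitive and may be written 'Key value' or 'Key=value'.
    norm=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' "$cfg" \
           | tr '[:upper:]' '[:lower:]')
    if printf '%s\n' "$norm" | grep -Eq '^forwardagent[[:space:]=]+yes'; then
        echo "ForwardAgent yes: remote hosts can sign with your agent keys"
        findings=$((findings + 1))
    fi
    if printf '%s\n' "$norm" | grep -Eq '^addkeystoagent[[:space:]=]+yes'; then
        echo "AddKeysToAgent yes: prefer 'confirm' so each use needs approval"
        findings=$((findings + 1))
    fi
    if ! printf '%s\n' "$norm" | grep -Eq '^identitiesonly[[:space:]=]+yes'; then
        echo "IdentitiesOnly not set: every loaded key is offered to every host"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a permissive config, then a hardened one.
write_samples() {
    printf 'Host *\n  ForwardAgent yes\n  AddKeysToAgent yes\n' > "$1"
    printf 'Host *\n  ForwardAgent no\n  AddKeysToAgent confirm 1h\n  IdentitiesOnly yes\n' > "$2"
}
```

Run `audit_ssh_config ~/.ssh/config` against a real config; the permissive sample above yields three findings and the hardened one none.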


You can also do something similar with any computer that has a TPM. It's unfortunate that people don't really know about it, but I guess the tools available aren't that user-friendly.


> It's unfortunate that people don't really know about it, but I guess the tools available aren't that user friendly

This is my cue.

https://github.com/Foxboron/ssh-tpm-agent


Thank you for sharing!



