Using the TPM 2.0 Chip as Your SSH Private Key
Daniel Nashed – 14 February 2026 16:36:06
In the previous blog post I explained how FIDO2 security keys protect SSH credentials.
But what if we want hardware protection without an external token?
Most modern systems already include a TPM 2.0 chip. We can use it as a hardware-backed SSH key store.
This also works for a VM that has a virtual TPM assigned.
Our goals:
- The private key must never exist as a file
- The key must be bound to this machine
- Every use must require a PIN
- It must work with standard OpenSSH
Install Required Software
Install the TPM tools and the PKCS#11 provider that OpenSSH can use.
apt install tpm2-tools libtpm2-pkcs11-tools libtpm2-pkcs11-1 opensc
Initialize the TPM Store
Create a persistent PKCS#11 store backed by the TPM.
tpm2_ptool init
tpm2_ptool listprimaries
Create a Token (Protected by PIN)
tpm2_ptool addtoken \
--label ssh-token \
--userpin 123456 \
--sopin 654321 \
--pid 1
The userpin will be required whenever the key is used.
Generate the SSH Key Inside the TPM
The private key is generated inside the TPM and cannot be exported.
There is no private key file in ~/.ssh.
tpm2_ptool addkey \
--label ssh-token \
--key-label ssh-key \
--userpin 123456 \
--algorithm ecc256
Extract the Public Key
This prints a normal OpenSSH-compatible public key that you can place into authorized_keys.
ssh-keygen -D /usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so
Use the TPM-Backed Key
SSH will prompt for the TPM user PIN.
The TPM performs the signature internally — the private key never leaves the chip.
ssh -I /usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so notes@127.0.0.1
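The steps above, collected into one provisioning script. This is an added example, not the author's script and not part of tpm2-pkcs11: it runs the same tpm2_ptool commands as the post, but reads the PINs from the terminal instead of putting them on the command line (where they would land in shell history), refuses the documentation default PIN, only runs tpm2_ptool init once, and installs the exported public key into authorized_keys without creating duplicates. The Debian/Ubuntu module path, the default store location ~/.tpm2_pkcs11, the labels and the target file are assumptions and can be overridden through the environment variables at the top.

```shell
#!/bin/sh
# Added example (not the post author's script): provisions a TPM-backed SSH key
# with the same tpm2_ptool steps as the post, but reads the PIN from the terminal
# instead of hard-coding it, checks the provider module exists, and installs the
# exported public key into authorized_keys idempotently.
# Assumptions: Debian/Ubuntu module path, default store at ~/.tpm2_pkcs11,
# and the labels/target file below. Run with TPM_SSH_PROVISION=1 on a TPM host.

TPM_PKCS11_MODULE="${TPM_PKCS11_MODULE:-/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so}"
TPM_STORE_DIR="${TPM_STORE_DIR:-$HOME/.tpm2_pkcs11}"
TOKEN_LABEL="${TOKEN_LABEL:-ssh-token}"
KEY_LABEL="${KEY_LABEL:-ssh-key}"
AUTH_KEYS="${AUTH_KEYS:-$HOME/.ssh/authorized_keys}"

# Local PIN policy for this example (not a tpm2-pkcs11 limit): non-empty,
# at least 6 characters, and not the documentation default "123456".
validate_pin() {
    pin="$1"
    [ -n "$pin" ] || return 1
    [ "${#pin}" -ge 6 ] || return 1
    [ "$pin" != "123456" ] || return 1
    return 0
}

# Pick the first key of the wanted type from `ssh-keygen -D` output (stdin).
# The post generates ecc256, which OpenSSH prints as ecdsa-sha2-nistp256.
select_pubkey() {
    keytype="$1"
    awk -v t="$keytype" '$1 == t { print; exit }'
}

# Append a public key line to authorized_keys unless the same key (type +
# base64 blob, comment ignored) is already there. Returns 0 = added, 1 = duplicate.
add_authorized_key() {
    keyline="$1"
    file="$2"
    keydata=$(printf '%s\n' "$keyline" | awk '{ print $1 " " $2 }')
    umask 077
    mkdir -p "$(dirname "$file")"
    touch "$file"
    if grep -qF -- "$keydata" "$file"; then
        return 1
    fi
    printf '%s\n' "$keyline" >> "$file"
    return 0
}

# The provisioning steps from the post, wrapped with the checks above.
provision_tpm_ssh_key() {
    [ -r "$TPM_PKCS11_MODULE" ] || { echo "PKCS#11 module not found: $TPM_PKCS11_MODULE" >&2; return 1; }

    # Read PINs from the terminal: they stay out of shell history (they are
    # still briefly visible to root in the process list while tpm2_ptool runs).
    printf 'User PIN: ' >&2; stty -echo; read -r userpin; stty echo; echo >&2
    printf 'SO PIN:   ' >&2; stty -echo; read -r sopin;   stty echo; echo >&2
    validate_pin "$userpin" || { echo "user PIN rejected by policy" >&2; return 1; }
    validate_pin "$sopin"   || { echo "SO PIN rejected by policy" >&2; return 1; }

    # Initialise the store once; re-running init would create another primary object.
    if [ ! -f "$TPM_STORE_DIR/tpm2_pkcs11.sqlite3" ]; then
        tpm2_ptool init
    fi
    tpm2_ptool listprimaries

    tpm2_ptool addtoken --label "$TOKEN_LABEL" --userpin "$userpin" --sopin "$sopin" --pid 1
    tpm2_ptool addkey --label "$TOKEN_LABEL" --key-label "$KEY_LABEL" --userpin "$userpin" --algorithm ecc256

    # Export the public half and install it for the local account.
    pubkey=$(ssh-keygen -D "$TPM_PKCS11_MODULE" | select_pubkey ecdsa-sha2-nistp256)
    [ -n "$pubkey" ] || { echo "no ECDSA key exported by the provider" >&2; return 1; }
    if add_authorized_key "$pubkey $KEY_LABEL@$(hostname)" "$AUTH_KEYS"; then
        echo "installed public key into $AUTH_KEYS"
    else
        echo "public key already present in $AUTH_KEYS"
    fi

    # Optional: load the provider into the running agent so ssh needs no -I:
    #   ssh-add -s "$TPM_PKCS11_MODULE"
    echo "test with: ssh -I $TPM_PKCS11_MODULE $(whoami)@127.0.0.1"
}

if [ "${TPM_SSH_PROVISION:-0}" = "1" ]; then
    provision_tpm_ssh_key
fi
```

Run it as `TPM_SSH_PROVISION=1 sh provision-tpm-ssh.sh` on the VM. After provisioning, adding `PKCS11Provider /usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so` to ~/.ssh/config for the hosts in question removes the need for `-I` on every call, and `ssh-add -s` with the same module path loads the key into the agent for the session.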
What This Protects Against
- Copying private key files
- Disk image theft
- Backup extraction
The key is bound to this hardware and cannot be exported.
What It Does Not Protect Against
- Root compromise of a running system
- A compromised hypervisor
The TPM prevents key extraction, not runtime misuse.
With this setup, we now have an SSH key that:
- Is hardware-bound
- Cannot be copied
- Requires a PIN
- Works with standard OpenSSH
Some additional notes
The key can also be loaded into an SSH agent, and it supports all the other usual flows, such as signed keys.
My focus for this post is Linux, and the use case is VMs where we want to protect the key.
A TPM isn't available on WSL. On a notebook a FIDO2 key would be the better option anyway.
But for protecting SSH keys on a VM, a TPM is a great option.