I suggest you ...

← General

SSH host and user certificates / certs support

59 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
tsl0922 shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
Implementing  ·  AdminTermius Support (Customer Success Manager, Termius) responded  · 

Hello,

The latest iOS version beta has certificates support. Though it’s still work in progress.

Click Contact Us to let us know if you are interested and we’ll provide you with the access to beta.

In the next months we are going to add the certificates support on all platforms. No exact ETA at the moment, we are just working on it now.

Thanks

16 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • PPC commented  ·   ·  Flag as inappropriate

    Hi !

    I know, I'm part of the beta program already so I discovered that in the release notes :)

    Super news for some of us.

  • Timothy Prime commented  ·   ·  Flag as inappropriate

    Me too. I would like support for user certificates and for host certificates (think known_hosts).

  • Peter commented  ·   ·  Flag as inappropriate

    I also absolutely _need_ this feature in order to use the client.

  • Peter commented  ·   ·  Flag as inappropriate

    Hi! Could you please fix this? I _NEED_ OpenSSH Certificate support in order to use this client. It appears to me that "ADMIN" in this thread does not understand the question.

  • Guillaume commented  ·   ·  Flag as inappropriate

    Being able to use SSH Certificate with Termius, is a feature I'd loved to have (even if it is only on the Premium version) !

  • Nick Stoughton commented  ·   ·  Flag as inappropriate

    I tried a couple of different ways to do this, neither worked.

    First I tried generating the key with termius, then copy-paste exporting the pubkey, signing it and copying back the id_rsa-cert.pub.

    Then I generated a whole new key on my Mac, and exported the key.ppk, key.pub and key-cert.pub via iTunes. I imported the key into termius, but it does not try to use the certificate, but just the unsigned key.

    Running sshd with +-d" on the server, I see:
    Server listening on 0.0.0.0 port 22.
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug1: Server will not fork when running in debugging mode.
    debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
    debug1: inetd sockets after dupping: 3, 3
    Connection from 172.28.106.115 port 61478 on 172.28.106.28 port 22
    debug1: Client protocol version 2.0; client software version libssh2_1.7.0
    debug1: no match: libssh2_1.7.0
    debug1: Local version string SSH-2.0-OpenSSH_7.4
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: permanently_set_uid: 1002/1003 [preauth]
    debug1: ssh_sandbox_child: prctl(PR_SET_SECCOMP): Invalid argument [preauth]
    debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth]
    debug1: SSH2_MSG_KEXINIT sent [preauth]
    debug1: SSH2_MSG_KEXINIT received [preauth]
    debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
    debug1: kex: host key algorithm: ssh-rsa [preauth]
    debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
    debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
    debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
    debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
    debug1: rekey after 4294967296 blocks [preauth]
    debug1: SSH2_MSG_NEWKEYS sent [preauth]
    debug1: expecting SSH2_MSG_NEWKEYS [preauth]
    debug1: SSH2_MSG_NEWKEYS received [preauth]
    debug1: rekey after 4294967296 blocks [preauth]
    debug1: KEX done [preauth]
    debug1: userauth-request for user root service ssh-connection method publickey [preauth]
    debug1: attempt 0 failures 0 [preauth]
    debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:G521akhvfkr9s63tXZhBLy9TnNrb3VFKENeqghJYvhc [preauth]
    debug1: temporarily_use_uid: 0/0 (e=0/0)
    debug1: trying public key file /etc/ssh/authorized_keys
    debug1: fd 4 clearing O_NONBLOCK
    debug1: restore_uid: 0/0
    Failed publickey for root from 172.28.106.115 port 61478 ssh2: RSA SHA256:G521akhvfkr9s63tXZhBLy9TnNrb3VFKENeqghJYvhc
    debug1: userauth-request for user root service ssh-connection method keyboard-interactive [preauth]
    debug1: attempt 1 failures 1 [preauth]
    debug1: keyboard-interactive devs [preauth]
    debug1: auth2_challenge: user=root devs= [preauth]
    debug1: kbdint_alloc: devices '' [preauth]
    Received disconnect from 172.28.106.115 port 61478:11: Normal Shutdown [preauth]
    Disconnected from 172.28.106.115 port 61478 [preauth]
    debug1: do_cleanup [preauth]
    debug1: monitor_read_log: child log fd closed
    debug1: do_cleanup
    debug1: Killing privsep child 8191

  • casdev commented  ·   ·  Flag as inappropriate

    may I also suggest to rename this idea to "ssh host and user certificates / certs support" so it can be better found by other users!

  • casdev commented  ·   ·  Flag as inappropriate

    i also would like to know how to do this -> can't i present my ssh user ca signed certificate to my ssh servers with termius on IOS?

  • casdev commented  ·   ·  Flag as inappropriate

    is essential from a professional user's perspective...
    please add support for ssh user certificates (id_rsa-cert.pub) as well as storing ssh host certs / public ca keys in known_hosts file!

General

Categories

Feedback and Knowledge Base

(thinking…)